CVE-2022-24731

Name of the Vulnerable Software and Affected Versions Argo CD versions 1.5.0 through 2.1.10 Argo CD versions 2.2.0 through 2.2.5 Argo CD versions 2.3.0 and earlier, excluding 2.3.0

Description A path traversal vulnerability in Argo CD allows a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted create or update access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server.

Recommendations For Argo CD versions 1.5.0 through 2.1.10, update to version 2.1.11 or later. For Argo CD versions 2.2.0 through 2.2.5, update to version 2.2.6 or later. For Argo CD versions prior to 2.3.0, update to version 2.3.0 or later. As a temporary workaround, consider avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can create or update Applications.