CVE-2022-24348

Description from NVD

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

Information Acquisition Date: 2022-02-28T16:40Z
CVSS 2.0: 4.0 MEDIUM
CVSS 3.x: 7.7 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

NVD References

 https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
     source: MISC
     tags: Exploit, Third Party Advisory
 https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
     source: CONFIRM
     tags: Exploit, Third Party Advisory

List of frequently cited URLs

URL | Num of Times Referred to
https://ift2374
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 174
https://cvetrends.com | 49
https://thehackernews.com/2022/02/new-argo-cd-bug-could-let... | 10
https://apiiro.com/blog/malicious-kubernetes-helm-charts-ca... | 5
https://www.armosec.io/blog/cve-2022-24348-argo-kubernetes | 5
https://opsmtrs.com/3fde7yI | 4
https://twitter.com/TheHackersNews/status/1490200852757291009 | 3
https://threatpost.com/argo-cd-security-bug-kubernetes-clou... | 3

Information from Twitter

User | URL | Info Source | Date
Typhon666_death | https://www.armosec.io/blog/cve-2022-24348-argo-kubernetes | Source Typhon666_death 1517469229557379072 | 2022/04/22
ApiiroSecurity | https://hubs.ly/Q01bhsFz0 | Source ApiiroSecurity 1525625327145594880 | 2022/05/15
tiffanyfayj | https://twitter.com/tiffanyfayj/status/1526125349381234688/... | Source tiffanyfayj 1526125349381234688 | 2022/05/16
VulmonFeeds | https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | Source VulmonFeeds 1528356287586750465 | 2022/05/22
GeekmomK | https://ed.gr/dv2e1 | Source GeekmomK 1532399210250780674 | 2022/06/03

GitHub Search Results: Up to 10
Name | URL
No Data

2022/06/03 Score : 1
Added Har-sia Database : 2022/02/04
Last Modified : 2022/06/03
Highest Scored Date : 2022/02/07
Highest Score : 40