Directory Traversal Vulnerability in Argo CD Allows Unauthorized Access to Helm Charts

Directory Traversal Vulnerability in Argo CD Allows Unauthorized Access to Helm Charts

CVE-2022-24348 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

Learn more about our Web Application Penetration Testing UK.