cvedb.io
CVE-2022-24731
MEDIUM · CVSS 6.8
EPSS exploitation probability: 0%
Published 2022-03-23T21:15:08.083 · Last modified 2026-06-17T04:32:23.490

Summary

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's sour

Affected products

argoproj — argo_cd

Does this affect you?

Add your gear to cvedb and we'll alert you only when argoproj ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.