CVE-2022-24348

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24348

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24348.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-24348

Aliases

Related

GHSA-63qx-x74g-jcr7

Published

2022-02-04T21:15:08.103Z

Modified

2026-02-11T13:23:36.801502Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type: GIT
Repo: https://github.com/argoproj/argo-cd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5c51d5dae0a8c8940979db3eff5cc6be7bff9250

Introduced

6da92a8e8103ce4145bb0fe2b7e952be79c9ff0a

Fixed

78d749ec88bea5a5e851fc48b9404fdf067192b6

Affected versions

v2.*

v2.2.0

v2.2.1

v2.2.2

v2.2.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24348.json"