Bug 2062755 (CVE-2022-24731)
Summary: | CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | scorneli, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | argocd 2.3.0, argocd 2.2.6, argocd 2.1.11 | Doc Type: | If docs needed, set a value |
Doc Text: |
A path traversal flaw was found in ArgoCD. This flaw allows an attacker who has been granted create or update access to applications to leak the contents of any text file on the repo-server by crafting a malicious Helm chart. Such text files could include sensitive information that the attacker should not have access to, compromising data confidentiality.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-03-24 00:01:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2062752 |
Description
Marian Rehak
2022-03-10 14:14:18 UTC
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.3 Via RHSA-2022:1040 https://access.redhat.com/errata/RHSA-2022:1040 This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.4 Via RHSA-2022:1041 https://access.redhat.com/errata/RHSA-2022:1041 This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.2 Via RHSA-2022:1039 https://access.redhat.com/errata/RHSA-2022:1039 This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.3 Via RHSA-2022:1042 https://access.redhat.com/errata/RHSA-2022:1042 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24731 |