There was no trigger for this vulnerability and it was identified through static analysis. Argo CD versions 2.1.9 and 2.2.x before 2.2.4 are vulnerable. It is highly recommended for all users to upgrade as soon as possible. Red Hat would like to thank David Dias of IBM for reporting this issue. Red Hat Enterprise Linux 6 and 7 are no longer supported. Red Hat recommends that customers migrate these platforms to Red Hat Enterprise Linux 5, 6, or 7. For more information on upgrading, see https://access.redhat.com/articles/1092

Solution

A fix is available and should be applied to Argo CD versions 2.1.9 and 2.2.x before 2.2.4.

Products and versions affected by CVE-2022-24348

The affected versions of Argo CD are version 2.1.9 and 2.2.x before 2.2.4. Red Hat recommends that customers upgrade to 2.2.4 or later versions as soon as possible.

Credit

The vulnerability CVE-2022-24348 was found by static analysis and reported to Red Hat by David Dias of IBM.

Red Hat Enterprise Linux 5, 6, and 7

Red Hat Enterprise Linux 5, 6, and 7 are no longer supported. Red Hat recommends that customers migrate these platforms to Red Hat Enterprise Linux 5, 6, or 7. For more information on upgrading, see https://access.redhat.com/articles/1092

Timeline

Published on: 02/04/2022 21:15:00 UTC
Last modified on: 02/09/2022 13:53:00 UTC

References