CVE-2022-24348 Argo CD 2.1.9 and 2.2.4 has an issue in repository.go that allows for directory traversal.

There was no trigger for this vulnerability and it was identified through static analysis. Argo CD versions 2.1.9 and 2.2.x before 2.2.4 are vulnerable. It is highly recommended for all users to upgrade as soon as possible. Red Hat would like to thank David Dias of IBM for reporting this issue. Red Hat Enterprise Linux 6 and 7 are no longer supported. Red Hat recommends that customers migrate these platforms to Red Hat Enterprise Linux 5, 6, or 7. For more information on upgrading, see https://access.redhat.com/articles/1092

Solution

A fix is available and should be applied to Argo CD versions 2.1.9 and 2.2.x before 2.2.4.
Red Hat Enterprise Linux 6 and 7

Products and versions affected by CVE-2022-24348

The affected versions of Argo CD are version 2.1.9 and 2.2.x before 2.2.4. Red Hat recommends that customers upgrade to 2.2.4 or later versions as soon as possible.

Credit

The vulnerability CVE-2022-24348 was found by static analysis and reported to Red Hat by David Dias of IBM.

Red Hat Enterprise Linux 5, 6, and 7
Red Hat Enterprise Linux 5, 6, and 7 are no longer supported. Red Hat recommends that customers migrate these platforms to Red Hat Enterprise Linux 5, 6, or 7. For more information on upgrading, see https://access.redhat.com/articles/1092
