
CVSS: 7.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message.

References:
• https://github.com/argoproj/argo-cd/security/advisories/GHSA-r9cr-hvjj-496v
• https://access.redhat.com/security/cve/CVE-2022-24730
• https://bugzilla.redhat.com/show_bug.cgi?id=2062751

Weaknesses:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-284: Improper Access Control
• CWE-863: Incorrect Authorization