Path traversal allows leaking out-of-bound files from Argo CD repo-server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

GitHub argo-cd 访问控制错误漏洞

GitHub argo-cd是 （Github）开源的一个应用软件。用于Kubernetes的声明性GitOps连续交付工具。 GitHub argo-cd 存在访问控制错误漏洞，该漏洞源于ArgoCD存在路径遍历缺陷。攻击者利用该漏洞制作特制的 Helm 图表来泄漏存储库服务器上任何文本文件的内容，此类文本文件包含敏感信息，从而损害数据机密性。

N/A

N/A