CVE-2022-24348 PoC — GitHub argo-cd 路径遍历漏洞

Source

https://github.com/jkroepke/CVE-2022-24348-2

Associated Vulnerability

Title:GitHub argo-cd 路径遍历漏洞 (CVE-2022-24348)
Description:GitHub argo-cd是（Github）开源的一个应用软件。用于Kubernetes的声明性GitOps连续交付工具。 GitHub argo-cd 存在路径遍历漏洞，该漏洞源于repository.go中的helmTemplate中的错误，攻击者利用该漏洞可能能够发现存储在YAML文件中的凭证。

Description

Find similar issues like CVE-2022-24348

File Snapshot


 [4.0K]  /data/pocs/ce95da0ff35e3a83062fd20b464fc10754452cd9
├── [ 327]  applications.yaml
└── [4.0K]  charts
    ├── [4.0K]  helm-file-get
    │   ├── [  91]  Chart.yaml
    │   ├── [4.0K]  files
    │   │   └── [4.0K]  etc
    │   │       └── [  10]  hosts -> /etc/hosts
    │   ├── [4.0K]  templates
    │   │   └── [ 123]  configmap.yaml
    │   └── [  24]  values.yaml
    └── [4.0K]  helm-file-get-wrapper
        ├── [ 237]  Chart.lock
        ├── [4.0K]  charts
        │   └── [ 892]  helm-file-get-0.2.0.tgz
        ├── [ 216]  Chart.yaml
        ├── [4.0K]  templates
        └── [   0]  values.yaml

8 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!