C-0081 - CVE-2022-24348-argocddirtraversal
Framework
ArmoBest, AllControls
Severity
Medium
Description of the the issue
CVE-2022-24348 is a major software supply chain 0-day vulnerability in the popular open source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications on the platform. This in turn can lead to privilege escalation, lateral movements and information disclosure.
Related resources
Deployment
What does this control test
Checking Linux kernel version of the Node objects, if it is above 5.1 or below 5.16.2 it fires an alert
Remediation
Update your ArgoCD deployment to fixed versions (v2.1.9,v2.2.4 or v2.3.0)
Example
Updated 3 days ago