C-0081 - CVE-2022-24348-argocddirtraversal
Description of the issue
CVE-2022-24348 is a major software supply chain 0-day vulnerability in the popular open source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information such as credentials, secrets and API keys from other applications on the platform. This in turn can lead to privilege escalation, lateral movement and information disclosure.
What does this control test
Checks the Linux kernel version of the Node objects; if it is above 5.1 or below 5.16.2, it fires an alert.
Update your Argo CD deployment to a fixed version (v2.1.9, v2.2.4 or v2.3.0).
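A branch-aware check of image tags against the fixed versions listed above, as an added example (not Kubescape's or Argo CD's own code). The image references are constructed samples, and selecting images by the substring `argocd` is an assumption about how the deployment names its images.

```python
import re

# Fixed releases as listed on this page: first patched patch level per 2.x branch.
FIXED_PATCH = {(2, 1): 9, (2, 2): 4}
FIRST_FIXED_MINOR = (2, 3)  # v2.3.0 and any later minor/major

# Only plain release tags are judged; rc builds and custom tags need a manual look.
TAG_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def image_tag(image):
    """Return the tag of an image reference, or None if untagged or digest-only."""
    name = image.split("@", 1)[0]       # drop any @sha256:... digest
    last = name.rsplit("/", 1)[-1]      # a registry host:port sits before the last '/'
    return last.split(":", 1)[1] if ":" in last else None

def classify(image):
    """Return 'fixed', 'not-fixed' or 'unknown' for one Argo CD image reference."""
    m = TAG_RE.fullmatch(image_tag(image) or "")
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    if (major, minor) >= FIRST_FIXED_MINOR:
        return "fixed"
    if (major, minor) in FIXED_PATCH:
        # Compare inside the branch: v2.2.3 sorts above v2.1.9 but is not fixed.
        return "fixed" if patch >= FIXED_PATCH[(major, minor)] else "not-fixed"
    return "not-fixed"                  # older branch: the page lists no fixed release

def audit(images):
    """Classify every image whose reference mentions argocd (assumed naming)."""
    return {i: classify(i) for i in images if "argocd" in i.lower()}

# Constructed sample input, e.g. container images collected from Deployments.
SAMPLE = [
    "quay.io/argoproj/argocd:v2.1.8",
    "quay.io/argoproj/argocd:v2.1.9",
    "quay.io/argoproj/argocd:v2.2.3",
    "registry.example:5000/mirror/argocd:v2.3.0",
    "quay.io/argoproj/argocd:v2.3.0-rc1",
    "quay.io/argoproj/argocd@sha256:0000",
    "nginx:1.21.6",
]

if __name__ == "__main__":
    for image, verdict in audit(SAMPLE).items():
        print(f"{verdict:10} {image}")
```

Images reported as `unknown` (digest-pinned, `latest`, release candidates) cannot be judged from the tag alone and need their actual version confirmed.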