#VU63411 UNIX symbolic link following in Argo CD - CVE-2022-24904

Cybersecurity Help s.r.o.

Published: 2022-05-19 | Updated: 2022-05-19

Vulnerability identifier: #VU63411

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-24904

CWE-ID: CWE-61

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Argo CD
Web applications / Modules and components for CMS

Vendor: Argo

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A remote user with repository write access can create a specially crafted symbolic link to a critical file and leak sensitive files from Argo CD's repo-server, such as manifests and JSON files.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Argo CD: 0.7.0 - 0.7.2, 0.8.0 - 0.8.2, 0.9.0 - 0.9.2, 0.10.0 - 0.12.3, 1.0.0 - 1.0.2, 1.1.0 - 1.1.2, 1.2.0 - 1.2.5, 1.3.0 - 1.3.6, 1.4.0 - 1.4.3, 1.5.0 - 1.5.8, 1.6.0 - 1.6.2, 1.7.0 - 1.7.14, 1.8.0 - 1.8.7, 2.0.0 - 2.0.5, 2.1.0 - 2.1.14, 2.2.0 - 2.2.8, 2.3.0 - 2.3.3

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2081691
https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Argo CD