Описание
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. User's still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation.
A flaw was found in Argo CD. For any version using Helm, using a specially crafted Helm file could reference external Helm charts handled by the same repo-server to leak values or files from the referenced Helm Chart. This issue is possible because the Helm paths were predictable.
Меры по смягчению последствий
Disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-cluster-templates-operator-container | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odr-rhel8-operator | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argocd-rhel8 | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/gitops-rhel8 | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/gitops-rhel8-operator | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS3
Связанные уязвимости
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. User's still using Argo CD 2.3 or below are advised
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
EPSS
5 Medium
CVSS3