Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now

A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart.

Charts are the actual packaging format of ubiquitous tool-for-managing-Kubernetes applications Helm.

The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes. Patched versions available from the project’s maintainers are 2.19, 2.2.4 and 2.3.0.

Read more…
Source: The Register