A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart.
Charts are the packaging format used by Helm, the ubiquitous tool for managing Kubernetes applications.
The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes. Patched versions available from the project’s maintainers are 2.19, 2.2.4 and 2.3.0.
Source: The Register