The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyber-attackers to hop from one application ecosystem to another.
A high-severity security vulnerability in Argo CD can enable attackers to access targets’ application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information.
Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in the cloud, and it’s used to deploy applications, then continuously monitor them in real time as they run.
According to Apiiro’s security-research team, the bug is a path-traversal issue, a class of flaw that occurs when adversaries are able to access files and directories that are stored outside their permissioned purview. It carries a score of 7.7 out of 10 on the CVSS vulnerability-severity scale.