SB2022030706 - Multiple vulnerabilities in Argo CD

Published: March 7, 2022 Updated: May 2, 2026

Security Bulletin ID: SB2022030706
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Type Confusion (CVE-ID: CVE-2021-23820)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Relative Path Traversal (CVE-ID: CVE-2023-40026)

CWE-ID: CWE-23 - Relative Path Traversal

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to relative path traversal in the Argo CD repo-server Helm chart handling when processing a specially crafted Helm file. A remote user can reference external Helm charts handled by the same repo-server to disclose sensitive information.

The issue can expose values or files from other existing Helm charts regardless of permissions because Helm chart paths were predictable.
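A defensive check for this class of issue (CWE-23), as an added example that is not Argo CD's own code: it assumes a hypothetical chart root on the repo-server and refuses any relative reference from a Helm source that resolves outside that root, so one chart cannot read another chart's files even when their paths are predictable.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a reference escapes the chart root.
var ErrOutsideRoot = errors.New("path reference escapes the chart root")

// ResolveChartPath joins a user-supplied relative reference (for example a
// values file named in a Helm source) onto chartRoot and rejects any result
// that does not stay inside that root. Absolute references are refused
// outright; relative ones are cleaned first, so "../other-chart/values.yaml"
// and "a/../../other-chart/values.yaml" are both caught. The check is purely
// lexical: if chartRoot may contain symlinks, resolve them (filepath.EvalSymlinks)
// before calling this function.
func ResolveChartPath(chartRoot, ref string) (string, error) {
	if filepath.IsAbs(ref) {
		return "", ErrOutsideRoot
	}
	root := filepath.Clean(chartRoot)
	joined := filepath.Join(root, ref) // Join also cleans, collapsing ".." segments
	rel, err := filepath.Rel(root, joined)
	if err != nil {
		return "", err
	}
	// After cleaning, any escape shows up as a leading ".." component.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

func main() {
	root := "/repo-server/charts/app-a" // hypothetical chart root, constructed for this example
	refs := []string{"values.yaml", "env/prod.yaml", "../app-b/values.yaml",
		"x/../../app-b/secrets.yaml", "/etc/passwd"}
	for _, ref := range refs {
		p, err := ResolveChartPath(root, ref)
		fmt.Printf("%-28s -> %q err=%v\n", ref, p, err)
	}
}
```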


Remediation

Install the update from the vendor's website.