
Improper Link Resolution Before File Access ('Link Following')

CVE-2022-31036

Severity Medium
Score 4.3/10

Summary

Argo CD is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. This issue affects versions 1.3.0-rc1 through 2.1.15, 2.2.0-rc1 through 2.2.9, 2.3.0-rc1 through 2.3.4, and 2.4.0-rc1 through 2.4.0.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-59 - Improper Link Resolution Before File Access

'Improper link resolution before file access' occurs when software accesses a file resource but fails to verify that the file isn't a link or shortcut to another file. An attacker can potentially gain access to arbitrary files and from there the impact can vary, depending on the application, from sensitive data exposure to remote code execution.
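As an added illustration of the check this weakness calls for (not Argo CD's actual fix and not code from this advisory), the Go function below scans a checked-out directory and reports symlinks that resolve outside it or cannot be resolved. The function name `OutOfBoundsLinks` and the use of the current directory in `main` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// OutOfBoundsLinks returns the symlinks under root (relative paths) that resolve
// outside root or cannot be resolved at all (dangling links, loops).
func OutOfBoundsLinks(root string) ([]string, error) {
	abs, err := filepath.Abs(root)
	if err == nil {
		abs, err = filepath.EvalSymlinks(abs) // canonical root for comparison
	}
	if err != nil {
		return nil, err
	}
	var bad []string
	err = filepath.WalkDir(abs, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.Type()&fs.ModeSymlink == 0 {
			return walkErr // WalkDir does not follow links, so only links are checked
		}
		rel, _ := filepath.Rel(abs, p)
		target, err := filepath.EvalSymlinks(p)
		if err != nil {
			bad = append(bad, rel) // unresolvable: reject rather than guess
			return nil
		}
		inside, err := filepath.Rel(abs, target)
		if err != nil || inside == ".." || strings.HasPrefix(inside, ".."+string(filepath.Separator)) {
			bad = append(bad, rel)
		}
		return nil
	})
	return bad, err
}

func main() {
	bad, err := OutOfBoundsLinks(".") // treat the current directory as the checkout
	fmt.Println("out-of-bounds symlinks:", bad, "error:", err)
	if err != nil || len(bad) > 0 {
		os.Exit(1)
	}
}
```

The result is a point-in-time check: it only holds if the checkout cannot change between the scan and the read of the files.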

Advisory Timeline

  • Published