Access Restriction Bypass Affecting github.com/argoproj/argo-cd/v2/server/application package, versions >=0.5.0 <2.1.14 >=2.2.0 <2.2.8 >=2.3.0 <2.3.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDV2SERVERAPPLICATION-2432816
- published 24 Mar 2022
- disclosed 24 Mar 2022
- credit Unknown
Introduced: 24 Mar 2022
CVE-2022-24768 Open this link in a new tabHow to fix?
Upgrade github.com/argoproj/argo-cd/v2/server/application to version 2.1.14, 2.2.8, 2.3.2 or higher.
Overview
github.com/argoproj/argo-cd/v2/server/application is a declarative, GitOps continuous delivery tool for Kubernetes.
Affected versions of this package are vulnerable to Access Restriction Bypass. This allows an authenticated malicious user with push access to an application's source Git or Helm repository, or sync and override access the application, to potentially escalate their privileges. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges.