{"vulnerability": "CVE-2022-24348", "sightings": [{"uuid": "85db0585-f561-4f4d-9190-23be005d3b16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c", "content": "", "creation_timestamp": "2025-03-13T20:14:03.000000Z"}, {"uuid": "99ed102d-943d-4c8e-9048-51346a35b51e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://t.me/cKure/8719", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-Day: Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9.", "creation_timestamp": "2022-02-06T14:46:31.000000Z"}, {"uuid": "36291ca1-53c9-4b78-9b08-0f952e499afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://t.me/cibsecurity/36862", "content": "\u274c Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers \u274c\n\nThe popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2022-02-04T19:47:38.000000Z"}, {"uuid": "6e19a463-ef90-4fe1-a2e2-8276c347fdad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1488", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-24348 Test\nURL\uff1ahttps://github.com/mochizuki875/helm-sample", "creation_timestamp": "2022-02-10T09:57:42.000000Z"}, {"uuid": "d9a15f00-e51f-403d-8a85-41c16990df82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "exploited", "source": "https://t.me/thehackernews/1860", "content": "A new vulnerability (CVE-2022-24348) has been discovered in Argo CD, which is used by thousands of organizations globally, could let hackers steal sensitive information such as secrets, passwords, and API keys from Kubernetes apps.\n\nDetails: https://thehackernews.com/2022/02/new-argo-cd-bug-could-let-hackers-steal.html", "creation_timestamp": "2022-02-06T06:49:12.000000Z"}, {"uuid": "17859613-64d5-4507-8d60-b05388c06766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "seen", "source": "https://t.me/cibsecurity/36888", "content": "\u203c CVE-2022-24348 \u203c\n\nArgo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T00:31:17.000000Z"}, {"uuid": "ceccac1b-7829-41eb-ade3-2bc0f87258d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24348", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5367", "content": "#Threat_Research\n1. CVE-2022-24348:\nCharts can be used to steal sensitive information from Argo CD deployments\nhttps://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments\n2. Shadow Credentials\nhttps://pentestlab.blog/2022/02/07/shadow-credentials", "creation_timestamp": "2022-02-08T11:01:01.000000Z"}]}