What is CVE-2022-24730?

CVE-2022-24730 is a high-severity vulnerability in Argoproj Argo-cd, classified under Path Traversal. CVSS score: 7.7/10. Published 2022-03-23.

How severe is CVE-2022-24730?

High severity. CVSS v3 base score is 7.7 out of 10.

Is CVE-2022-24730 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Argoproj Argo-cd

CVE-2022-24730

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.003 (51.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Argoproj Argo-cd — versions >= 1.3.0, < 2.1.11, >= 2.2.0, < 2.2.6, >= 2.3.0-rc1, < 2.3.0

Weakness classification (CWE)

Public proof-of-concept exploits

References

github.com/argoproj/argo-cd/security/advisories/GHSA-r9cr-hvjj-496v (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-24730?: CVE-2022-24730 is a high-severity vulnerability in Argoproj Argo-cd, classified under Path Traversal. CVSS score: 7.7/10. Published 2022-03-23.
How severe is CVE-2022-24730?: High severity. CVSS v3 base score is 7.7 out of 10.
Is CVE-2022-24730 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.