argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

CVE-2022-24348 #8602

Closed Shahard2 closed 2 years ago

Shahard2 commented 2 years ago

Hey guys, we're using ArgoCD version 2.2.5.

Our Wiz security system has an alert with this vulnerability:

Description

The control detects resources vulnerable to CVE-2022-24348. The vulnerability allows creating a malicious Helm chart to consume YAML files, thereby gaining access to data they would otherwise have no access to. For more information, see our in-product advisory: https://docs.wiz.io/wiz-docs/docs/wiz-adv-2022-005

leoluz commented 2 years ago

ArgoCD version 2.2.5 is already patched as you can see from the CVE link. There is a published blog post about it: https://blog.argoproj.io/argo-cd-deals-with-our-first-zero-day-cve-86e8fb158e8f

Can you please verify with Wiz how they are updating their report?

leoluz commented 2 years ago

I'm closing this issue for now.