Closed Shahard2 closed 2 years ago
ArgoCD version 2.2.5 is already patched as you can see from the CVE link. There is a published blog post about it: https://blog.argoproj.io/argo-cd-deals-with-our-first-zero-day-cve-86e8fb158e8f
Can you pls verify with Wiz how they are updating their report?
Im closing this issue for now.
Hey Guys, We're using ArgoCD Version 2.2.5
Our Wiz security system have alert with this vulnerability:
Description
The control detects resources vulnerable to CVE-2022-24348. The vulnerability allows creating a malicious Helm chart to consume YAML files, thereby gaining access to data they would otherwise have no access to. For more information, see our in-product advisory: https://docs.wiz.io/wiz-docs/docs/wiz-adv-2022-005