Apiiro Discovers 0-Day Software Supply Chain Vulnerability in Argo CD

TEL AVIV and NEW YORK, Feb. 4, 2022 /PRNewswire/ — Apiiro, the leader in Cloud-Native Application Security, today announced a major software supply chain zero-day vulnerability in Argo CD, the popular open source Continuous Delivery platform. The vulnerability enables attackers to access sensitive information such as secrets, passwords, and API keys, which can be used to escalate privileges and gain access to additional systems and resources.

The vulnerability (CVE-2022-24348), with a CVSS score of 7.7, allows malicious actors to load a Kubernetes Helm Chart YAML file to the vulnerability and “hop” from their application ecosystem to other applications’ data outside of the user’s scope. The actors can then read and exfiltrate data residing in other applications.

The impact of the vulnerability is two-fold:

  • First, contents read from other files present on the reposerver may contain sensitive information.
  • Second, an attacker can use secrets, tokens, and keys often found in application files to escalate privileges or gain a foothold on additional systems.

“Supply chain attacks will continue to accelerate and it’s essential that Security researchers focus on securing the modern, cloud-native SDLC,” commented Moshe Zioni, Apiiro’s VP of Security Research.

Apiiro worked closely with the Argo CD team, which resolved the vulnerability and alerted their users to upgrade immediately to the newly-released versions 2.1.9 and 2.2.4.

Additional technical details can be found here.

About Apiiro

Apiiro helps security and development teams proactively remediate risk before releasing to the cloud. Apiiro is re-inventing risk remediation for Cloud-Native applications. Backed by Greylock and Kleiner Perkins.


Kelly Hall

Offleash PR for Apiiro 

[email protected]


Cision View original content:


Global Weapons Carriage & Release System Market (2021 to 2026) – Advanced Weapon Launchers Presents Opportunities

Kintent🇷’s Trust Management Platform Expands to Automate Adherence to Privacy Standards such as GDPR, CCPA, ISO 27701 & SOC 2’s Privacy Principle