The Argo CD team discovered a high-severity vulnerability, CVE-2022-24348, which lets an attacker read sensitive information from deployments by exploiting a directory (path) traversal flaw in the Helm chart repository handling. The vulnerability affects Argo CD versions 0.5.0 through 2.1.12, 2.2.7, and 2.3.1. Users are advised to upgrade immediately to the fixed releases: 2.3.2, 2.2.8, or 2.1.14. The issue underlines the importance of securing the software supply chain against attacks in which adversaries infiltrate software while it is being built rather than after it has been released. To reduce this risk, developers can adopt practices such as small, easy-to-review commits, treating every SDLC system like production, avoiding shared credentials, and knowing their supply chain end to end. A secure supply chain also relies on private, managed repositories holding vetted and signed artifacts, a software bill of materials (SBoM), and tools such as Snyk to automate security testing and compliance checks.
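The root cause named above is a path traversal: a path supplied in repository content is joined to the repo-server's checkout directory without confirming that the result still lies inside it. The following is an added example written for this page, not Argo CD's own code, showing the defensive check a repo server needs before opening a values file: resolve the requested path against the repository root, reject anything that escapes lexically via `..` or via an absolute path, and then resolve symlinks and check again, because a cleaned path can still point outside the root through a link. The fixture directory, the file names and the `ResolveWithinRoot` / `RunFixture` names are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested path escapes the repository root.
var ErrOutsideRoot = errors.New("path resolves outside the repository root")

// escapes reports whether rel (a path relative to the root) climbs above it.
func escapes(rel string) bool {
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveWithinRoot returns the absolute, symlink-resolved location of
// `requested` inside `root`, or ErrOutsideRoot if the final target escapes it.
// The check is done twice: lexically (catches "..") and after EvalSymlinks
// (catches a link inside the repo that points outside it).
func ResolveWithinRoot(root, requested string) (string, error) {
	if filepath.IsAbs(requested) {
		return "", fmt.Errorf("%w: absolute path %q", ErrOutsideRoot, requested)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot) // canonical root (e.g. /var -> /private/var)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(realRoot, requested) // Join also cleans ".." segments
	rel, err := filepath.Rel(realRoot, candidate)
	if err != nil || escapes(rel) {
		return "", fmt.Errorf("%w: %q", ErrOutsideRoot, requested)
	}
	resolved, err := filepath.EvalSymlinks(candidate) // follows every link component
	if err != nil {
		return "", err // missing file or unreadable link: refuse rather than guess
	}
	rel, err = filepath.Rel(realRoot, resolved)
	if err != nil || escapes(rel) {
		return "", fmt.Errorf("%w: %q (symlink target)", ErrOutsideRoot, requested)
	}
	return resolved, nil
}

// Verdict is the outcome of one probe against the constructed fixture.
type Verdict struct {
	Requested string
	Allowed   bool
	Err       error
}

// RunFixture builds a throwaway layout (constructed for this example): a repo
// with chart/values.yaml and a symlink chart/escape pointing at a file outside
// the repo. It probes the check with four paths and returns the verdicts in order.
func RunFixture() ([]Verdict, error) {
	base, err := os.MkdirTemp("", "traversal-demo")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(base)
	root := filepath.Join(base, "repo")
	outside := filepath.Join(base, "outside")
	secret := filepath.Join(outside, "secret.txt")
	for _, d := range []string{filepath.Join(root, "chart"), outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return nil, err
		}
	}
	if err := os.WriteFile(secret, []byte("constructed secret\n"), 0o600); err != nil {
		return nil, err
	}
	if err := os.WriteFile(filepath.Join(root, "chart", "values.yaml"), []byte("replicaCount: 1\n"), 0o644); err != nil {
		return nil, err
	}
	if err := os.Symlink(secret, filepath.Join(root, "chart", "escape")); err != nil {
		return nil, err
	}
	probes := []string{
		"chart/values.yaml",              // legitimate values file: allowed
		"chart/../../outside/secret.txt", // lexical traversal: rejected
		"chart/escape",                   // symlink leaving the repo: rejected
		secret,                           // absolute path: rejected
	}
	var out []Verdict
	for _, p := range probes {
		_, err := ResolveWithinRoot(root, p)
		out = append(out, Verdict{Requested: p, Allowed: err == nil, Err: err})
	}
	return out, nil
}

func main() {
	verdicts, err := RunFixture()
	if err != nil {
		fmt.Println("fixture error:", err)
		return
	}
	for _, v := range verdicts {
		fmt.Printf("allowed=%-5v %s  %v\n", v.Allowed, v.Requested, v.Err)
	}
}
```

Checking only the cleaned string is the common mistake: `filepath.Clean` removes `..` but knows nothing about symlinks, so the second `EvalSymlinks` pass is what closes the gap. Refusing paths that do not exist yet is deliberate for a read-only consumer such as a chart renderer; a writer would need a different strategy for the final component.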