Home Latest Cyber Security News | Network Security Hacking Serious Argo CD Vulnerability Could Allow Admin Access To The Attackers
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Serious Argo CD Vulnerability Could Allow Admin Access To The Attackers

by Abeerah Hashim
written by Abeerah Hashim
Palo Alto Networks Pan-OS zero-day vulnerability under active attack

A major security vulnerability existed in the Kubernetes continuous delivery tool Argo CD. Exploiting this bug could let an attacker gain elevated privileges, including admin access, on the target instance.

Argo CD Privilege Escalation Vulnerability Discovered

According to a GitHub advisory, a privilege escalation vulnerability threatened the security of Argo CD instances.

As stated, an unauthenticated adversary could exploit the flaw to gain elevated privileges to the target Argo CD instance. Exploiting the bug, however, required anonymous access to be enabled. That means the instances with anonymous access disabled (the default setting) remained unaffected.

Regarding the vulnerability, the advisory states,

A critical vulnerability has been discovered in Argo CD which would allow unauthenticated users to impersonate as any Argo CD user or role, including the admin user, by sending a specifically crafted JSON Web Token (JWT) along with the request.

An attacker could impersonate any user role to trigger the bug, including the built-in admin role. Upon gaining elevated privileges, such as admin access, the attacker could perform unauthorized activities, like creating, manipulating, or deleting any resource on the cluster. Similarly, the attacker could also steal sensitive data by deploying malicious workloads.

Patch Released

The vulnerability first caught the attention of two security researchers, Mark Pim and Andrzej Hajto, who then reported the matter to the maintainers.

Following this discovery, Argo CD maintainers patched the bug and released fixes with Argo CD versions 2.3.4, 2.2.9, and 2.1.15. Therefore, users can simply update to the patched versions to remain safe from potential exploits.

However, in cases where immediate updates aren’t possible, the maintainers recommend disabling anonymous access. Again, though, users who have not changed the default configuration do not need to worry since anonymous access is disabled by default. But users who enabled this option should disable it again until updating their Argo CD instances.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...