{"id":45162,"date":"2022-02-04T21:34:00","date_gmt":"2022-02-04T21:34:00","guid":{"rendered":"http:\/\/3a258378-c738-4d7d-8fa1-923124e666ca"},"modified":"2022-02-04T21:34:00","modified_gmt":"2022-02-04T21:34:00","slug":"argo-cd-releases-patch-for-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/argo-cd-releases-patch-for-zero-day-vulnerability\/","title":{"rendered":"Argo CD releases patch for zero-day vulnerability"},"content":{"rendered":"

Argo CD released<\/a> a patch this week for a zero-day vulnerability enabling attackers to access sensitive information like passwords and API keys.<\/p>\n

The vulnerability was discovered by Apiiro’s Security Research team and explained<\/a> in a blog post released alongside the patch. <\/p>\n

Argo CD is a popular open source Continuous Delivery platform, and the vulnerability — tagged as CVE-2022-24348<\/a> with a CVSS score of 7.7 — “allows malicious actors to load a Kubernetes Helm Chart YAML file to the vulnerability and ‘hop’ from their application ecosystem to other applications’ data outside of the user’s scope.” <\/p>\n

\n

ZDNet Recommends<\/span> <\/h3>\n
\"The<\/span> <\/a> <\/div>\n

The best security key <\/a> <\/p>\n

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.<\/p>\n

Read More<\/a> <\/p>\n<\/p><\/div>\n

The actors can then read and exfiltrate data residing in other applications, according to Apiiro. <\/p>\n

On GitHub, the company said all versions of Argo CD are vulnerable to the path traversal bug and noted that it is “possible to craft special Helm chart packages containing value files that are actually symbolic links, pointing to arbitrary files outside the repository’s root directory.”<\/p>\n

“If an attacker with permissions to create or update Applications knows or can guess the full path to a file containing valid YAML, they can create a malicious Helm chart to consume that YAML as values files, thereby gaining access to data they would otherwise have no access to,” Argo CD explained.<\/p>\n

“The impact can especially become critical in environments that make use of encrypted value files (e.g. using plugins with git-crypt or SOPS) containing sensitive or confidential data, and decrypt these secrets to disk before rendering the Helm chart. Also, because any error message from helm template is passed back to the user, and these error messages are quite verbose, enumeration of files on the repository server’s file system is possible.”<\/p>\n

\"cve-image-2048x1392.png\"<\/span>