Major Vulnerability Found in Argo CD
Security researchers at Apiiro have discovered a significant software supply chain zero-day vulnerability in the popular open-source continuous delivery platform, Argo CD.
Used by thousands of organizations globally, Argo CD is a tool that reads environment configurations (written as a helm chart, kustomize files, jsonnet or plain YAML files) from git repositories and applies it Kubernetes namespaces. The platform can manage the execution and monitoring of application deployment post-integration.
The flaw (CVE-2022-24348) lets attackers access and exfiltrate sensitive information such as passwords and API keys.
“A 0-day vulnerability, discovered by Apiiro’s Security Research team, allows malicious actors to load a Kubernetes Helm Chart YAML file to the vulnerability and ‘hop’ from their application ecosystem to other applications’ data outside of the user’s scope,” wrote researchers.
Exploitation of the flaw can lead to privilege escalation, sensitive information disclosure, lateral movement attacks and more.
The attack begins with the threat actor constructing a malicious Kubernetes Helm Chart-a YAML file that embeds different fields to form a declaration of resources and configurations needed in order for deploying an application.
Using the Helm Chart, the attacker builds a dummy configuration to exploit a parsing confusion vulnerability to access restricted information.
Finally, the attacker extracts sensitive data such as API keys and passwords that can be leveraged to carry up follow-up attacks and facilitate lateral movement inside the victim’s network.
Apiiro reported the attack to Argo CD on January 30 2022. After discussing the vulnerability’s extent and impact, the vendor created a patch to fix the problem. Advisories and the patch were released on Thursday.
Apiiro’s research team praised Argo CD’s incident response and “professional handling of the case.”
“We are seeing more advanced persistent threats that leverage zero day and known, unmitigated vulnerabilities in software supply chain software such as Argo CD,” commented Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber.
He added: “For years, known, unmitigated vulnerabilities have contributed more than any other factor to mounting cyber risk. But hackers are always looking for the most-effective path of least resistance to attain their objectives.”
More Stories
Live Video of Promachoteuthis Squid
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog...
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack,...
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and...
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally...
PyPI Revival Hijack Puts Thousands of Applications at Risk
Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads Read More
Security Budgets Come Under Pressure as “Hypergrowth” Ends
Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows Read More