Multiple vulnerabilities in Argo CD



Published: 2022-05-19 | Updated: 2022-05-19
Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-29165, CVE-2022-24905, CVE-2022-24904
CWE-ID: CWE-290, CWE-451, CWE-61
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Argo CD (Web applications / Modules and components for CMS)
Vendor: Argo

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

Updated: 19.05.2022

Updated list of affected versions, added links to vendor's advisories. For vulnerability #VU63411 updated CVSS score and description.

1) Authentication Bypass by Spoofing

EUVDB-ID: #VU63413

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29165

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to an error in the authentication process. A remote non-authenticated attacker can send a specially crafted JSON Web Token (JWT) along with the request and impersonate any Argo CD user or role, including the admin user.

Successful exploitation of the vulnerability requires that anonymous access to the Argo CD instance is enabled.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Argo CD: 1.4.0 - 2.3.3

External links

http://bugzilla.redhat.com/show_bug.cgi?id=2081686
http://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Spoofing attack

EUVDB-ID: #VU63412

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24905

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted link and spoof messages on the login screen when SSO is enabled.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Argo CD: 0.6.1 - 2.3.3

External links

http://bugzilla.redhat.com/show_bug.cgi?id=2081689
http://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) UNIX symbolic link following

EUVDB-ID: #VU63411

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24904

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A remote user with repository write access can create a specially crafted symbolic link to a critical file and leak sensitive files from Argo CD's repo-server, such as manifests and JSON files.

Mitigation

Install updates from the vendor's website.
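
In addition to updating, a repository checkout can be screened for symbolic links that resolve outside the repository root, which is the pattern described above. The Go program below is an added example, not Argo CD's code or the vendor's fix; the helper name `EscapingSymlinks` and the use of a local checkout path are assumptions.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// EscapingSymlinks (hypothetical helper) lists symlinks in a checkout that resolve outside its root.
func EscapingSymlinks(root string) (found []string, err error) {
	absRoot, err := filepath.Abs(root)
	if err == nil {
		absRoot, err = filepath.EvalSymlinks(absRoot) // compare against the real root path
	}
	if err != nil {
		return nil, err
	}
	sep := string(filepath.Separator)
	err = filepath.WalkDir(absRoot, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.Type()&fs.ModeSymlink == 0 {
			return walkErr // WalkDir itself never descends through symlinks
		}
		target, err := os.Readlink(p)
		if err != nil {
			return err
		}
		if !filepath.IsAbs(target) {
			target = filepath.Dir(p) + sep + target // relative to the link's directory
		}
		if resolved, err := filepath.EvalSymlinks(target); err == nil {
			target = resolved // chained links followed; dangling links keep the lexical target
		}
		rel, err := filepath.Rel(absRoot, filepath.Clean(target))
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
			link, _ := filepath.Rel(absRoot, p)
			found = append(found, link)
		}
		return nil
	})
	return found, err
}

func main() { // usage: go run . <repo-checkout>
	if len(os.Args) == 2 {
		fmt.Println(EscapingSymlinks(os.Args[1]))
	}
}
```

Links that stay inside the checkout are not reported, so ordinary in-repository symlinks do not produce findings.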

Vulnerable software versions

Argo CD: 0.7.0 - 2.3.3

External links

http://bugzilla.redhat.com/show_bug.cgi?id=2081691
http://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


