Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2022-29165 CVE-2022-24905 CVE-2022-24904 |
CWE-ID | CWE-290 CWE-451 CWE-61 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Argo CD Web applications / Modules and components for CMS |
Vendor | Argo |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated: 19.05.2022
Updated list of affected versions, added links to vendor's advisories. For vulnerability #VU63411 updated CVSS score and description.
EUVDB-ID: #VU63413
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-29165
CWE-ID:
CWE-290 - Authentication Bypass by Spoofing
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to an error in the authentication process. A remote non-authenticated attacker can send a specifically crafted JSON Web Token (JWT) along with the request and impersonate any Argo CD user or role, including the admin user.
Successful exploitation of the vulnerability requires that anonymous access to the Argo CD instance is enabled.
Install updates from vendor's website.
Vulnerable software versionsArgo CD: 1.4.0 - 2.3.3
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=2081686
http://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63412
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24905
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim to visit a specially crafted link and spoof messages on the login screen when SSO is enabled.
Install updates from vendor's website.
Vulnerable software versionsArgo CD: 0.6.1 - 2.3.3
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=2081689
http://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63411
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24904
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A remote user with repository write access can create a specially crafted symbolic link to a critical file and leak sensitive files from Argo CD's repo-server, such as manifests and JSON files.
MitigationInstall updates from vendor's website.
Vulnerable software versionsArgo CD: 0.7.0 - 2.3.3
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=2081691
http://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.