SB2022051901 - Multiple vulnerabilities in Argo CD
Published: May 19, 2022 Updated: May 19, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Authentication Bypass by Spoofing (CVE-ID: CVE-2022-29165)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to an error in the authentication process. A remote non-authenticated attacker can send a specifically crafted JSON Web Token (JWT) along with the request and impersonate any Argo CD user or role, including the admin user.
Successful exploitation of the vulnerability requires that anonymous access to the Argo CD instance is enabled.
2) Spoofing attack (CVE-ID: CVE-2022-24905)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim to visit a specially crafted link and spoof messages on the login screen when SSO is enabled.
3) UNIX symbolic link following (CVE-ID: CVE-2022-24904)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A remote user with repository write access can create a specially crafted symbolic link to a critical file and leak sensitive files from Argo CD's repo-server, such as manifests and JSON files.
Remediation
Install update from vendor's website.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2081686
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj
- https://bugzilla.redhat.com/show_bug.cgi?id=2081689
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j
- https://bugzilla.redhat.com/show_bug.cgi?id=2081691
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h