SB2022051901 - Multiple vulnerabilities in Argo CD
Published: May 19, 2022 Updated: May 2, 2026
Description
This security bulletin contains information about 3 vulnerabilities.
1) Authentication Bypass by Spoofing (CVE-ID: CVE-2022-29165)
CWE-ID: CWE-290 - Authentication Bypass by Spoofing
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote, unauthenticated attacker to take full control of the affected Argo CD instance.
The vulnerability exists because the API server, when anonymous access is enabled, attributes a request to the identity named in a presented JWT even though the token does not carry a valid signature. A remote non-authenticated attacker can therefore send a self-made JWT whose claims name any Argo CD user or role, including the built-in admin user, and act with that identity's permissions.
Successful exploitation requires that anonymous access to the Argo CD instance is enabled (users.anonymous.enabled set to true in the argocd-cm ConfigMap). Instances that keep the default, with anonymous access disabled, do not meet the precondition, and disabling it is the interim mitigation until the fix is installed.
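The following Go program is an added illustration of the failure class described above; it is not Argo CD's source and does not reproduce its exact code path. It reconstructs the anti-pattern (an anonymous-access branch that falls back to a token's unverified claims) beside the corrected logic (an unverifiable token yields exactly the anonymous identity, never a claimed one). The signing key, the token issuer value and the function names are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is the subset of JWT claims this example looks at; "sub" names the
// user the token speaks for ("admin" is Argo CD's built-in administrator).
type Claims struct {
	Sub string `json:"sub"`
	Iss string `json:"iss"`
}

// serverKey stands in for the HMAC key the API server signs sessions with.
// Constructed for this example; a real deployment generates its own.
var serverKey = []byte("constructed-example-signing-key")

func enc(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signingInput is header.payload, the part of a JWT the MAC covers.
func signingInput(c Claims) string {
	header := enc([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload, _ := json.Marshal(c) // only string fields, cannot fail
	return header + "." + enc(payload)
}

// Issue is what the server does at login: claims plus an HS256 MAC under key.
func Issue(c Claims, key []byte) string {
	si := signingInput(c)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(si))
	return si + "." + enc(mac.Sum(nil))
}

// Forge is what an attacker without the key can do: choose any "sub" and
// attach a signature that is just bytes.
func Forge(sub string) string {
	return signingInput(Claims{Sub: sub, Iss: "argocd"}) + "." + enc([]byte("garbage"))
}

// decodeClaims reads the payload without any cryptographic check.
func decodeClaims(token string) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return Claims{}, err
	}
	var c Claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return Claims{}, err
	}
	return c, nil
}

// VerifyHS256 accepts a token only if its header says HS256 and the MAC over
// header.payload recomputes under key; every other outcome is a rejection.
func VerifyHS256(token string, key []byte) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return Claims{}, err
	}
	var h struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdr, &h); err != nil || h.Alg != "HS256" {
		return Claims{}, errors.New("unexpected alg") // no "none", no key-type confusion
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return Claims{}, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return Claims{}, errors.New("bad signature")
	}
	return decodeClaims(token)
}

// IdentityVulnerable reconstructs the failure mode: with anonymous access on,
// a token that fails verification is still decoded and the caller is
// attributed whatever "sub" it claims. Returns "" when the request is rejected.
func IdentityVulnerable(token string, anonymousEnabled bool) string {
	if c, err := VerifyHS256(token, serverKey); err == nil {
		return c.Sub
	}
	if anonymousEnabled {
		// BUG: trusts unverified claims instead of assigning the anonymous identity.
		if c, err := decodeClaims(token); err == nil {
			return c.Sub
		}
		return "anonymous"
	}
	return ""
}

// IdentityFixed: an unverifiable token never contributes an identity; with
// anonymous access on the caller is exactly "anonymous", otherwise rejected.
func IdentityFixed(token string, anonymousEnabled bool) string {
	if c, err := VerifyHS256(token, serverKey); err == nil {
		return c.Sub
	}
	if anonymousEnabled {
		return "anonymous"
	}
	return ""
}

func main() {
	good := Issue(Claims{Sub: "alice", Iss: "argocd"}, serverKey)
	bad := Forge("admin")
	fmt.Println("genuine token, vulnerable path:", IdentityVulnerable(good, true))
	fmt.Println("forged token,  vulnerable path:", IdentityVulnerable(bad, true))
	fmt.Println("forged token,  fixed path:     ", IdentityFixed(bad, true))
}
```

The point to carry into review of any session code: the decision "is this caller anonymous?" must be taken only after signature verification has failed, and the anonymous branch must assign a fixed identity rather than consult the token again.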
2) Spoofing attack (CVE-ID: CVE-2022-24905)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a spoofing attack against users of the Argo CD login page.
The vulnerability exists because, when SSO is enabled, the login screen renders attacker-controlled text supplied through a crafted link without validating it. A remote attacker can trick a victim into opening such a link and display a message of the attacker's choosing on the genuine login screen, for example to lend credibility to a phishing pretext. The impact is limited to what the victim is shown (VI:L in the vector above) and requires the victim to follow the link (UI:A).
3) UNIX symbolic link following (CVE-ID: CVE-2022-24904)
CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to read files on the repo-server that their repository access does not cover; the vector above records it as a confidentiality impact (VC:L), not a privilege escalation.
The vulnerability exists because the repo-server follows symbolic links found in a repository checkout without confirming that the link target stays inside that checkout. A remote user with write access to a repository that Argo CD tracks can commit a symbolic link pointing at a file outside the checkout on the repo-server, and the contents of the target are then returned as part of the rendered output, leaking sensitive files held on the repo-server such as other applications' manifests and JSON files.
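The containment check a repo-server needs before it reads any path out of a checkout, as an added Go example that is not Argo CD's own code: every symlink component is resolved first and the resolved target must stay under the (also resolved) repository root, so a link to ../secret.json, a link to a directory outside the checkout, and plain path traversal are all rejected by the same rule. The directory layout, file names and contents are constructed for the example and created in a temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRepo marks a path that, once every symlink in it is followed,
// lands outside the repository checkout being rendered.
var ErrOutsideRepo = errors.New("path resolves outside the repository checkout")

// ResolveInsideRepo returns the fully resolved path of rel within repoRoot,
// or ErrOutsideRepo when the resolved target escapes the checkout. The root
// is resolved too, so a root that is itself behind a symlink (common for
// temp directories) does not produce false rejections.
func ResolveInsideRepo(repoRoot, rel string) (string, error) {
	root, err := filepath.EvalSymlinks(repoRoot)
	if err != nil {
		return "", err
	}
	root, err = filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans "..", so "../x" becomes a sibling of root; EvalSymlinks then
	// follows every link component, including a symlinked directory mid-path.
	resolved, err := filepath.EvalSymlinks(filepath.Join(root, rel))
	if err != nil {
		return "", err // dangling links and missing files end here
	}
	relToRoot, err := filepath.Rel(root, resolved)
	if err != nil {
		return "", ErrOutsideRepo
	}
	if relToRoot == ".." || strings.HasPrefix(relToRoot, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRepo
	}
	return resolved, nil
}

// BuildScenario lays out a constructed tree under a temp dir:
//
//	<tmp>/secret.json            a file that must never be served
//	<tmp>/private/id_rsa         a file in a directory that must never be served
//	<tmp>/repo/deployment.yaml   an ordinary manifest
//	<tmp>/repo/values-link.yaml  symlink -> deployment.yaml (stays inside)
//	<tmp>/repo/leak.json         symlink -> ../secret.json (escapes)
//	<tmp>/repo/linkdir           symlink -> ../private (escapes via a dir link)
//
// It returns the repo path and a cleanup function.
func BuildScenario() (repo string, cleanup func(), err error) {
	tmp, err := os.MkdirTemp("", "argocd-symlink-example")
	if err != nil {
		return "", nil, err
	}
	cleanup = func() { os.RemoveAll(tmp) }
	repo = filepath.Join(tmp, "repo")
	steps := []func() error{
		func() error { return os.WriteFile(filepath.Join(tmp, "secret.json"), []byte(`{"token":"constructed"}`), 0o600) },
		func() error { return os.MkdirAll(filepath.Join(tmp, "private"), 0o700) },
		func() error { return os.WriteFile(filepath.Join(tmp, "private", "id_rsa"), []byte("constructed key"), 0o600) },
		func() error { return os.MkdirAll(repo, 0o700) },
		func() error { return os.WriteFile(filepath.Join(repo, "deployment.yaml"), []byte("kind: Deployment\n"), 0o600) },
		func() error { return os.Symlink("deployment.yaml", filepath.Join(repo, "values-link.yaml")) },
		func() error { return os.Symlink("../secret.json", filepath.Join(repo, "leak.json")) },
		func() error { return os.Symlink("../private", filepath.Join(repo, "linkdir")) },
	}
	for _, s := range steps {
		if err := s(); err != nil {
			cleanup()
			return "", nil, err
		}
	}
	return repo, cleanup, nil
}

// Escapes reports whether rel is rejected specifically for leaving the repo.
func Escapes(repo, rel string) bool {
	_, err := ResolveInsideRepo(repo, rel)
	return errors.Is(err, ErrOutsideRepo)
}

func main() {
	repo, cleanup, err := BuildScenario()
	if err != nil {
		fmt.Println("setup failed:", err)
		return
	}
	defer cleanup()
	for _, p := range []string{"deployment.yaml", "values-link.yaml", "leak.json", "linkdir/id_rsa", "../secret.json"} {
		resolved, err := ResolveInsideRepo(repo, p)
		fmt.Printf("%-16s -> err=%v path=%s\n", p, err, resolved)
	}
}
```

Two details matter in practice: the check is on the resolved path, not on the string the user supplied (a lexical check on "leak.json" sees nothing wrong), and the root itself is resolved before comparison, otherwise a checkout under a symlinked mount is rejected wholesale.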
Remediation
Upgrade Argo CD to a release that the vendor advisories listed below mark as fixed; all three issues are addressed in the same set of patch releases. Until the upgrade is applied, keep or set anonymous access disabled (users.anonymous.enabled set to false in the argocd-cm ConfigMap, which is the default) to remove the precondition for CVE-2022-29165, and treat write access to repositories tracked by Argo CD as a trust boundary with respect to CVE-2022-24904.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2081686
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj
- https://bugzilla.redhat.com/show_bug.cgi?id=2081689
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j
- https://bugzilla.redhat.com/show_bug.cgi?id=2081691
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h