Authentication Bypass by Spoofing in Argo CD

#VU63413 Authentication Bypass by Spoofing in Argo CD

Published: 2022-05-19 | Updated: 2022-05-19

Vulnerability identifier: #VU63413

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29165

CWE-ID: CWE-290

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Argo CD
Web applications / Modules and components for CMS

Vendor: Argo

Description

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to an error in the authentication process. A remote non-authenticated attacker can send a specifically crafted JSON Web Token (JWT) along with the request and impersonate any Argo CD user or role, including the admin user.

Successful exploitation of the vulnerability requires that anonymous access to the Argo CD instance is enabled.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Argo CD: 2.3.0 - 2.3.3, 2.2.0 - 2.2.8, 2.1.0 - 2.1.14, 2.0.0 - 2.0.5, 1.8.0 - 1.8.7, 1.7.0 - 1.7.14, 1.6.0 - 1.6.2, 1.5.0 - 1.5.8, 1.4.0 - 1.4.3

External links
http://bugzilla.redhat.com/show_bug.cgi?id=2081686
http://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Argo CD