Privilege escalation and path traversal vulnerabilities affect Argo CD, the GitOps continuous delivery tool for Kubernetes

Cybersecurity specialists report the detection of several security flaws in Argo CD, a declarative continuous delivery tool for Kubernetes that follows the GitOps pattern of using Git repositories as the source of truth for the desired state of an application. According to the report, successful exploitation of these flaws would allow threat actors to escalate their privileges to administrator level or to read arbitrary files from the affected server.

Below are brief descriptions of the detected flaws, together with their tracking identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2022-24768/CVE-2022-1025: Insufficient access restrictions would allow remote authenticated users who have access to an application's source Helm or Git repository, or who hold sync and override access on an application, to obtain administrative privileges.

This vulnerability received a CVSS score of 8.6/10 and resides in the following Argo CD versions: 0.5.0 – 0.5.4, 0.6.0 – 0.6.2, 0.7.0 – 0.7.2, 1.0.0 – 1.0.2, 1.1.0 – 1.1.2, 1.2.0 – 1.2.5, 1.3.0 – 1.3.6, 1.4.0 – 1.4.3, 1.5.0 – 1.5.8, 1.6.0 – 1.6.2, 1.7.0 – 1.7.14, 1.8.0 – 1.8.7, 2.0.0 – 2.0.5, 2.1.0 – 2.1.13, 2.2.0 – 2.2.7 and 2.3.0 – 2.3.1.

CVE-2022-24730: Insufficient validation of directory traversal sequences (such as ../) in requests to the endpoint /api/v1/repositories/{repo_url}/appdetails would allow remote authenticated users to send specially crafted HTTP requests and read arbitrary files on the system.

The vulnerability received a CVSS score of 5.7/10 and resides in the following Argo CD versions: 1.5.0 – 1.5.8, 1.6.0 – 1.6.2, 1.7.0 – 1.7.14, 1.8.0 – 1.8.7, 2.0.0 – 2.0.5, 2.1.0 – 2.1.10 and 2.2.0 – 2.2.5.

CVE-2022-24731: Similarly, insufficient validation of path traversal sequences when processing a Helm chart would allow remote administrators to send specially crafted HTTP requests and read arbitrary files on the system.

The flaw received a CVSS score of 4.6/10 and resides in the following versions of Argo CD: 1.5.0 – 1.5.8, 1.6.0 – 1.6.2, 1.7.0 – 1.7.14, 1.8.0 – 1.8.7, 2.0.0 – 2.0.5, 2.1.0 – 2.1.10 and 2.2.0 – 2.2.5.
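Both traversal flaws belong to one bug class: a path component taken from the request (a URL path parameter for the appdetails endpoint, a file reference inside a Helm chart) is joined onto a directory on the server without checking where the cleaned result ends up. The Go program below is an added illustration of that bug class and of the containment check that closes it; it is not Argo CD's code, and the root directory /srv/repos/app and the request strings are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a requested path would land outside the root.
var ErrTraversal = errors.New("path escapes repository root")

// unsafeResolve shows the vulnerable pattern: the user-controlled path is
// joined onto the root and nothing checks the result. filepath.Join cleans
// the path, so "../" components are resolved *against the root*, which is
// exactly what lets a request walk out of the repository checkout.
func unsafeResolve(root, requested string) string {
	return filepath.Join(root, requested)
}

// safeResolve joins the same way, then verifies that the cleaned result is
// still inside root by computing the relative path back from root: anything
// that starts with ".." has escaped. The check runs on the decoded path the
// server will actually open, so URL-encoded "..%2f" is caught as well, as
// long as decoding happens before this call.
func safeResolve(root, requested string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	joined := filepath.Join(absRoot, requested)
	rel, err := filepath.Rel(absRoot, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return joined, nil
}

// allowed reports whether a request would be served under the hardened check.
func allowed(root, requested string) bool {
	_, err := safeResolve(root, requested)
	return err == nil
}

func main() {
	// Constructed inputs: a repo-server checkout and three request paths.
	root := "/srv/repos/app"
	requests := []string{
		"charts/values.yaml",              // legitimate file in the checkout
		"../../../etc/passwd",             // classic traversal
		"charts/../../../etc/passwd",      // traversal hidden behind a real dir
	}
	for _, r := range requests {
		p, err := safeResolve(root, r)
		fmt.Printf("%-32s unsafe=%-28s safe=%q err=%v\n", r, unsafeResolve(root, r), p, err)
	}
}
```

The lexical check above only contains paths; it does not follow symbolic links. If the tree under root can contain attacker-controlled symlinks (a repository checkout can), resolve the joined path with filepath.EvalSymlinks and apply the same containment test to the result before opening the file.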

While these flaws can be exploited remotely by authenticated threat actors, no active exploitation attempts related to them have been detected so far. Still, users of affected deployments are encouraged to apply the available patches as soon as possible: each affected range above ends at the last vulnerable patch release of its branch, so the next patch release of the same minor branch closes the flaw, and branches that received no further patch release should be upgraded to a supported minor version.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.