Argo CD Bug Allows Hackers to Steal Kubernetes Apps' Secret Info

Argo CD Bug Allows Hackers to Steal Kubernetes Apps' Secret Info

Short News:- 

The Argo continuous deployment (CD) tool for Kubernetes users is being urged to push out updates. A zero-day vulnerability that could allow an attacker to extract sensitive information such as passwords and API keys from the system has been assigned the CVE-2022-24348 (CVSS score: 7.7). Apiiro, a cloud security firm, discovered and reported the bug on January 30, 2022s.

Detailed News:- 

Argo continuous deployment (CD) tool for Kubernetes users are being urged to push out updates following the discovery of a zero-day vulnerability that could allow an attacker to extract sensitive information such as passwords and API keys from the system.

All versions are affected by the vulnerability, which has been assigned the CVE-2022-24348 (CVSS score: 7.7). It has been fixed in versions 2.3.0, 2.2.4, and 2.1.9. Apiiro, a cloud security firm, has been credited with discovering and reporting the bug on January 30, 2022s, according to a press release.

Constant deployment (also known as continuous delivery) is a process that automatically deploys all code changes to the testing and/or production environments after they have been tested and merged into a common repository.

Argo CD is officially used by 191 organizations, including Alibaba Group, BMW Group, Deloitte, Gojek, IBM, Intuit, LexisNexis, Red Hat, Skyscanner, Swisscom, and Ticketmaster. Argo CD is available for download from the Argo CD website.

Apiiro's VP of security research, Moshe Zioni, explained that this vulnerability "allows malicious actors to load a Kubernetes Helm Chart YAML file to the vulnerability and "hop" from their application ecosystem to other applications' data outside of the user's scope," according to Apiiro.

Using a malicious Kubernetes Helm Chart YAML file, a package manager that specifies a collection of Kubernetes resources required to deploy an application, bad actors can exploit the vulnerability on a target system, allowing the retrieval of confidential information from other apps to be obtained by the attacker.

Successful exploitation of the defect could result in severe consequences ranging from privilege escalation and sensitive information disclosure to lateral movement attacks and the exfiltration of tokens from other applications, to name a few possibilities.

The software supply chain has emerged as a major security threat in the wake of recent attacks that targeted SolarWinds, Kaseya, and Log4j, among other platforms. Intezer disclosed in July 2021 that attackers are taking advantage of incorrectly configured Argo Workflows instances to drop crypto miners in Kubernetes (K8s) clusters.