Executive Summary

Informations
Name CVE-2022-29165 First vendor Publication 2022-05-20
Vendor Cve Last vendor Modification 2022-06-02

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score 10
Base Score 10 Environmental Score 10
impact SubScore 6 Temporal Score 10
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Changed Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In a default Argo CD installation, anonymous access is disabled. The vulnerability can be exploited to impersonate as any user or role, including the built-in `admin` account regardless of whether it is enabled or disabled. Also, the attacker does not need an account on the Argo CD instance in order to exploit this. If anonymous access to the instance is enabled, an attacker can escalate their privileges, effectively allowing them to gain the same privileges on the cluster as the Argo CD instance, which is cluster admin in a default installation. This will allow the attacker to create, manipulate and delete any resource on the cluster. They may also exfiltrate data by deploying malicious workloads with elevated privileges, thus bypassing any redaction of sensitive data otherwise enforced by the Argo CD API. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. As a workaround, one may disable anonymous access, but upgrading to a patched version is preferable.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29165

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-290 Authentication Bypass by Spoofing

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

Sources (Detail)

Source Url
CONFIRM https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj
MISC https://github.com/argoproj/argo-cd/releases/tag/v2.1.15
https://github.com/argoproj/argo-cd/releases/tag/v2.2.9
https://github.com/argoproj/argo-cd/releases/tag/v2.3.4

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2022-07-08 02:07:26
  • Multiple Updates
2022-06-02 21:27:14
  • Multiple Updates
2022-05-20 21:27:12
  • First insertion