Security researchers at Apiiro have discovered a significant zero-day software supply chain vulnerability in the popular open source continuous delivery platform Argo CD.
Used by thousands of organizations worldwide, Argo CD is a tool that reads the environment configuration (written as a Helm chart, kustomize files, jsonnet or plain YAML files) from the Git repository and applies it to the Kubernetes namespace. The platform can handle the execution and monitoring of application deployments after integration.
The flaw (CVE-2022-24348) allows attackers to access and extract sensitive information such as passwords and API keys.
“A 0-day vulnerability, discovered by Apiiro’s security research team, allows malicious actors to load a Kubernetes Helm Chart YAML file for vulnerabilities and ‘hop’ data from their application ecosystem to other application data beyond the user’s reach,” the researchers wrote.
Exploitation of the flaw can lead to privilege escalation, disclosure of sensitive information, lateral movement attacks, and more.
The attack begins when the threat actor creates a malicious Kubernetes Helm chart, a YAML file that embeds various fields to form a declaration of the resources and configuration needed to deploy an application.
Using the Helm chart, the attacker creates a dummy configuration that exploits a parsing confusion vulnerability to access restricted information.
Finally, the attacker extracts sensitive data such as API keys and passwords that can be used to carry out follow-up attacks and to facilitate lateral movement inside the victim’s network.
Apiiro reported the attack on Argo CD on January 30, 2022. After discussing the severity and impact of the vulnerability, the vendor created a patch to fix the problem. The advisory and patches were released Thursday.
Apiiro’s research team praised Argo CD’s response to the incident and “professional handling of the case.”
“We’re seeing an ever-evolving threat that continues unabated to zero-day and familiar, software supply chain software such as Argo CD,” commented Yaniv Bar-Dayan, CEO and co-founder of Vulcan Cyber.
He adds: “Over the years, known, persistent vulnerabilities have contributed more to cyber risk than any other factor. But hackers are always looking for the least effective way to achieve their goals.”