Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-40029

Published: 07/09/2023 Updated: 27/10/2023
CVSS v3 Base Score: 9.6 | Impact Score: 5.8 | Exploitability Score: 3.1
VMScore: 0
Subscribe to Linuxfoundation

Vulnerability Summary

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation argo continuous delivery

Vendor Advisories

Red Hat: Critical: Red Hat OpenShift GitOps security update
Synopsis Critical: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift GitOps 19Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Red Hat: Critical: Red Hat OpenShift GitOps security update
Synopsis Critical: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift GitOps 18Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Red Hat:
Description<!---->A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectlkubernetesio/last-applied-configuration` annotation Since ArgoCD has included the ability to manage cluster la ...

References

CWE-532https://github.com/argoproj/argo-cd/pull/7139https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9mhttps://access.redhat.com/errata/RHSA-2023:5029https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-40029
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook