Forged Kubernetes Apps Are Used to Extract Sensitive Data from Argo CD Setups

 

Argo CD is among the most popular Kubernetes continuous deployment tools. It is easy to operate and powerful, and it is the first tool that comes to mind for Kubernetes GitOps. For cluster bootstrapping, Argo CD uses the App of Apps pattern.

Instead of creating each Argo CD app manually, we can create them programmatically and automatically. The idea is simple: create a single Argo CD application that watches a directory in a git repo, and put all of the Argo CD application configuration files there. As a result, whenever an application definition file is added to that git repo location, the corresponding Argo CD application is created immediately. Notably, any Kubernetes object, including Argo CD itself, can be generated or managed this way.

Apiiro's Security Research team discovered a supply chain 0-day vulnerability (CVE-2022-24348) in Argo CD, the well-known open source Continuous Delivery platform, which allows attackers to access sensitive data such as secrets, passwords, and API keys.

Argo CD manages and drives the execution and monitoring of application deployment after integration. A user can create a new deployment pipeline by specifying an Archive or a Kubernetes Helm Chart file which contains:
  • The metadata and data required to deploy the correct Kubernetes setup.
  • The ability to update the cloud setup dynamically as the manifest is changed. 

A Helm Chart is a YAML document with multiple fields that together form a declaration of the assets and configurations required to deploy an application. The application in question can contain values of many kinds; one kind is file names and relative paths to self-contained application parts in other files.

In fact, Argo CD contributors anticipated in 2019 that this type of exploitation would be possible and designed a dedicated mechanism to prevent it. The vulnerability has two consequences:

First, there is the direct consequence of reading the contents of other files on the repository, which may contain sensitive data. That alone can have a significant impact on a company.

Second, because application files typically contain a variety of transitive values of secrets, tokens, and environment-sensitive settings, the attacker can effectively use this to expand the campaign by moving laterally through different services and escalating privileges to gain more ground on the system and the target organization's resources.

The Argo CD reposerver is a central server or pod where repositories are stored. Apart from the file hierarchy, there is no robust segmentation, so the anti-path-traversal mechanism is a crucial component of file security. The mechanism's inner workings are mostly contained in a single source code file, util/security/path_traversal.go, which handles the systematic cleanup of the source path input.
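
To make the role of such an anti-path-traversal check concrete, here is an added example (not Argo CD's code and not part of the original post) of a containment check for file references taken from a chart. The function name, error value and all sample paths are hypothetical and constructed for illustration; the check is lexical and assumes symlinks are handled separately.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot marks a chart-supplied path that resolves outside the app directory.
var ErrOutsideRoot = errors.New("path escapes application root")

// ResolveWithinRoot (hypothetical helper, not Argo CD's API) resolves a file
// reference from a chart against appRoot and rejects anything outside it.
// Assumption: lexical check only; symlinks inside the repo are not followed.
func ResolveWithinRoot(appRoot, requested string) (string, error) {
	root := filepath.Clean(appRoot)
	candidate := requested
	if !filepath.IsAbs(candidate) {
		candidate = filepath.Join(root, candidate)
	}
	candidate = filepath.Clean(candidate) // collapses "a/../b" and "./" segments

	// Rel avoids the naive prefix-match bug where a sibling directory such as
	// ".../app-other" would pass a strings.HasPrefix test against ".../app".
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", fmt.Errorf("%w: %v", ErrOutsideRoot, err)
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideRoot, requested)
	}
	return candidate, nil
}

func main() {
	root := "/tmp/repos/team-a/app" // constructed sample layout
	samples := []string{
		"values.yaml",
		"env/../values-prod.yaml",
		"../../team-b/app/secrets.yaml",
		"/tmp/repos/team-a/app-other/values.yaml",
	}
	for _, p := range samples {
		got, err := ResolveWithinRoot(root, p)
		fmt.Printf("%-42q -> %q err=%v\n", p, got, err)
	}
}
```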