
Critical Argo CD vulnerability could allow attackers admin privileges

The maintainers of Argo CD, the continuous delivery tool for Kubernetes, have patched a critical vulnerability that enabled attackers to forge JSON Web Tokens (JWTs) and become administrators.

The privilege escalation flaw arises because the open source GitOps platform erroneously trusts invalid JSON Web Tokens (JWTs) if anonymous access is enabled.

Fortunately for users, although the bug has been given the highest possible severity rating – a CVSS score of 10 – anonymous access is deactivated by default.

Cluster control

If unauthenticated miscreants send a specially crafted JWT to vulnerable installations, they can “gain the same privileges on the cluster as the Argo CD instance, which is cluster admin in a default installation”, according to a security advisory on GitHub.

“This will allow the attacker to create, manipulate, and delete any resource on the cluster.”

Moreover, they could “exfiltrate data by deploying malicious workloads with elevated privileges, thus bypassing any redaction of sensitive data otherwise enforced by the Argo CD API”.

This means that deactivating an admin role is no barrier to attackers escalating to admin.

Software updates

The flaw affects versions 1.4.0 up to and including 2.1.14, 2.2.8, and 2.3.3, and has been addressed in patched versions 2.3.4, 2.2.9, and 2.1.15.

Anonymous access should be deactivated until users can apply the update, suggests the advisory.

Nevertheless, users have been urged to update their systems “as soon as possible, regardless of whether or not anonymous access is enabled in your instance”.

A user can establish whether anonymous access is enabled by querying the argocd-cm ConfigMap in the installation namespace.
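
A sketch of that check combined with the version ranges above, as an added example rather than code from the advisory or the Argo CD project. It assumes the ConfigMap was exported with `kubectl get configmap argocd-cm -n <namespace> -o json`, that anonymous access is controlled by the `users.anonymous.enabled` key, and that release lines after 2.3 carry the fix; the sample ConfigMap is constructed.

```python
import json
import re

# First patched patch-level in each fixed release line, as listed in the article.
PATCHED = {(2, 1): 15, (2, 2): 9, (2, 3): 4}
FIRST_AFFECTED = (1, 4, 0)

def parse_version(text):
    """Turn 'v2.3.3' or '2.3.3+abc123' into (2, 3, 3)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True if the version falls in the affected ranges given in the article."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    line = v[:2]
    if line in PATCHED:
        return v[2] < PATCHED[line]
    # Assumption: lines older than 2.1 got no fix; lines newer than 2.3 include it.
    return line < (2, 1)

def anonymous_enabled(configmap):
    """True if the exported argocd-cm ConfigMap turns anonymous access on."""
    data = configmap.get("data") or {}
    return str(data.get("users.anonymous.enabled", "false")).strip().lower() == "true"

def assess(configmap, version):
    """Combine both checks into one triage status."""
    affected, anon = is_affected(version), anonymous_enabled(configmap)
    if affected and anon:
        return "EXPOSED"   # vulnerable build with the risky setting on
    if affected:
        return "UPDATE"    # not reachable via this setting, but still unpatched
    return "REVIEW" if anon else "OK"

# Constructed sample, shaped like `kubectl get configmap argocd-cm -o json` output.
SAMPLE_CM = json.loads("""
{"kind": "ConfigMap", "metadata": {"name": "argocd-cm", "namespace": "argocd"},
 "data": {"users.anonymous.enabled": "true"}}
""")

if __name__ == "__main__":
    for ver in ("v2.3.3", "v2.3.4", "v2.2.8", "v1.8.7"):
        print(ver, assess(SAMPLE_CM, ver))
```

`UPDATE` reflects the advisory's guidance to patch regardless of the anonymous-access setting; `REVIEW` flags a patched instance that still allows anonymous access.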

The vulnerability was discovered by Mark Pim and Andrzej Hajto of G-Research, a London-based tech firm.

The updates also addressed a moderate severity (CVSS 4.3) bug allowing a malicious user with repository write access to leak sensitive files from Argo CD’s repo server.

The vulnerability was apparently first discovered as part of a Trail of Bits audit published in March, and independently rediscovered by software engineer Michael Crenshaw before a patch arrived.

Source: https://portswigger.net/daily-swig/critical-argo-cd-vulnerability-could-allow-attackers-admin-privileges
