Lucene search
CzchenH1:1847140HistoryJan 25, 2023 - 7:04 p.m.
Internet Bug Bounty: Argo CD reconciles apps outside configured namespaces when sharding is enabled
2023-01-2519:04:04
czchen
hackerone.com
$2000
172
internet bug bounty
argo cd
apps-in-any-namespace
sharding
vulnerability
kubernetes
bugbounty
permission
EPSS
0.001
Percentile
43.2%
The Application CRD outside configured namespace in Argo CD will be reconciled.
The following is how to reproduce the vulnerability:
- Enable
apps-in-any-namespaceandshardingfeatures. - Create an Application CRD in namespace not configured in Argo CD.
- Update the Application CRD, and Argo CD will reconcile the Application CRD, despite not in configured namespace.
Impact
Attacker can use Argo CD permission to deploy resources in Kubernetes.
Related
redhatcve
redhatcve
CVE-2023-22736
2023-01-25 19:05:58
github
github
osv
osv
Controller reconciles apps outside configured namespaces when sharding is enabled
2023-01-25 19:39:03
CVE-2023-22736
2023-01-26 21:18:13
cve
cve
CVE-2023-22736
2023-01-26 21:18:13
prion
prion
Authorization
2023-01-26 21:18:00
cvelist
cvelist
nvd
nvd
CVE-2023-22736
2023-01-26 21:18:13
veracode
veracode
Authorization Bypass
2023-01-31 03:07:46
wallarmlab
wallarmlab
Octopus Strike! Three Argo CD API Exploits In Two Weeks
2023-02-11 16:07:05
redhat
redhat
(RHSA-2023:0467) Important: Red Hat OpenShift GitOps security update
2023-01-25 20:30:21