CVE-2023-40584 – Denial of Service to Argo CD repo-server
https://notcve.org/view.php?id=CVE-2023-40584
Argo CD is a declarative continuous deployment tool for Kubernetes. All versions of Argo CD starting from v2.4 have a bug that leaves the repo-server component open to a denial-of-service attack: it extracts a user-controlled tar.gz file without validating the size of the inner files, so a malicious, low-privileged user can send a crafted tar.gz to the repo-server and harm the system's functionality and availability. In addition, the repo-server does not check the permissions of the extracted files before attempting to delete them. • https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674 https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8 https://access.redhat.com/security/cve/CVE-2023-40584 https://bugzilla.redhat.com/show_bug.cgi?id=2236530 • CWE-400: Uncontrolled Resource Consumption •
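Both weaknesses the advisory names, oversized inner files and extracted files that cannot be deleted, are cheap to close at the extraction boundary. The Go program below is an added example written for this page; it is not Argo CD's code and not the fix in the commit linked above. It builds a small constructed tar.gz whose single entry expands to a mebibyte, extracts it under a byte budget, rejects entries that would escape the destination directory, and removes a tree even when a read-only directory inside it would make a plain os.RemoveAll fail part-way. The entry name, the budgets and the helper names (`buildTarGz`, `ExtractTarGz`, `RemoveAllForce`) are assumptions of the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

var ErrArchiveTooLarge = errors.New("archive exceeds extraction size limit")

// buildTarGz assembles a single-entry tar.gz in memory (constructed input standing in
// for the user-controlled upload). A mebibyte of zeros gzips to about a kilobyte.
func buildTarGz(name string, content []byte) ([]byte, error) {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	hdr := &tar.Header{Name: name, Mode: 0o644, Typeflag: tar.TypeReg, Size: int64(len(content))}
	if err := tw.WriteHeader(hdr); err != nil {
		return nil, err
	}
	if _, err := tw.Write(content); err != nil {
		return nil, err
	}
	if err := tw.Close(); err != nil {
		return nil, err
	}
	err := gz.Close() // flushes the gzip trailer before the bytes are read out
	return buf.Bytes(), err
}

// ExtractTarGz unpacks r into dst and returns the content bytes written. It fails with
// ErrArchiveTooLarge before touching an entry that would push the total past maxBytes.
func ExtractTarGz(r io.Reader, dst string, maxBytes int64) (int64, error) {
	dst = filepath.Clean(dst)
	gz, err := gzip.NewReader(r)
	if err != nil {
		return 0, err
	}
	tr := tar.NewReader(gz)
	var written int64
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		target := filepath.Join(dst, hdr.Name) // Join cleans ".." segments
		if target != dst && !strings.HasPrefix(target, dst+string(os.PathSeparator)) {
			return written, fmt.Errorf("entry %q escapes %s", hdr.Name, dst)
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // parents are created on demand below; symlinks, devices etc. are not needed
		}
		if hdr.Size > maxBytes-written { // tar.Reader caps each entry at hdr.Size, so this bound holds
			return written, ErrArchiveTooLarge
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o700); err != nil {
			return written, err
		}
		f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
		if err != nil {
			return written, err
		}
		n, err := io.Copy(f, tr)
		f.Close()
		written += n
		if err != nil {
			return written, err
		}
	}
}

// RemoveAllForce deletes dir even when it holds read-only directories: WalkDir visits each
// directory before reading it, so restoring owner rwx there lets the removal go through.
func RemoveAllForce(dir string) error {
	_ = filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
		if err == nil && d.IsDir() {
			_ = os.Chmod(path, 0o700)
		}
		return nil
	})
	return os.RemoveAll(dir)
}

func main() {
	archive, _ := buildTarGz("manifests/app.yaml", make([]byte, 1<<20))
	dst, _ := os.MkdirTemp("", "repo-server-")
	n, err := ExtractTarGz(bytes.NewReader(archive), dst, 64<<10)
	fmt.Println(len(archive), "bytes on the wire;", n, "bytes written before:", err, "; cleanup:", RemoveAllForce(dst))
}
```

Run as is, the extraction fails with ErrArchiveTooLarge before a byte is written, because the declared entry size already exceeds the 64 KiB budget; raise the budget above 1 MiB and the same archive extracts. Sizing the budget to the largest manifest bundle a repo-server expects, rather than to available disk, is what keeps one upload from starving every other extraction on the host.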
CVE-2023-40029 – Cluster secret might leak in cluster details page in Argo CD
https://notcve.org/view.php?id=CVE-2023-40029
Argo CD is a declarative continuous deployment tool for Kubernetes. Argo CD cluster secrets may be managed declaratively with Argo CD or `kubectl apply`, in which case the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets, this also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation, which includes the full secret body. To view the cluster annotations via the Argo CD API, the user only needs `clusters, get` RBAC access. • https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4 https://github.com/argoproj/argo-cd/pull/7139 https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m https://access.redhat.com/security/cve/CVE-2023-40029 https://bugzilla.redhat.com/show_bug.cgi?id=2233203 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
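How the leak arises, how to check an existing cluster secret for it, and what a cluster-details endpoint should return instead, as an added example written for this page rather than Argo CD's code (the project's fix is in the commit linked above and is not reproduced here). The Secret is constructed inline with a fake token and plain structs, so it runs without the Kubernetes client libraries; the helper names, the `team` annotation and the cluster values are assumptions of the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"sort"
)

// lastAppliedKey is the annotation client-side `kubectl apply` writes on every object it
// manages; it holds a JSON copy of the manifest that was last applied, data block included.
const lastAppliedKey = "kubectl.kubernetes.io/last-applied-configuration"

// secret is the subset of a Kubernetes Secret this example needs.
type secret struct {
	Metadata struct {
		Name        string            `json:"name"`
		Labels      map[string]string `json:"labels,omitempty"`
		Annotations map[string]string `json:"annotations,omitempty"`
	} `json:"metadata"`
	Data map[string]string `json:"data,omitempty"`
}

// constructedClusterSecret builds an Argo CD cluster Secret the way a declarative
// `kubectl apply` leaves it (constructed sample; the token is fake).
func constructedClusterSecret() secret {
	var s secret
	s.Metadata.Name = "cluster-prod"
	s.Metadata.Labels = map[string]string{"argocd.argoproj.io/secret-type": "cluster"}
	s.Metadata.Annotations = map[string]string{"team": "platform"}
	b64 := base64.StdEncoding.EncodeToString
	s.Data = map[string]string{
		"name":   b64([]byte("prod")),
		"server": b64([]byte("https://10.0.0.1:6443")),
		"config": b64([]byte(`{"bearerToken":"CONSTRUCTED-TOKEN"}`)),
	}
	applied, _ := json.Marshal(s) // what kubectl stores: the whole applied object
	s.Metadata.Annotations[lastAppliedKey] = string(applied)
	return s
}

// LeakedDataKeys returns the data keys whose values are reproduced verbatim inside the
// last-applied annotation, i.e. what anyone who can read the annotations also learns.
func LeakedDataKeys(s secret) ([]string, error) {
	raw, ok := s.Metadata.Annotations[lastAppliedKey]
	if !ok {
		return nil, nil
	}
	var applied secret
	if err := json.Unmarshal([]byte(raw), &applied); err != nil {
		return nil, err
	}
	var leaked []string
	for k, v := range s.Data {
		if applied.Data[k] == v {
			leaked = append(leaked, k)
		}
	}
	sort.Strings(leaked)
	return leaked, nil
}

// ExposableAnnotations is the view a cluster-details API should return: the user's own
// annotations with the last-applied copy removed. The input is left unmodified.
func ExposableAnnotations(s secret) map[string]string {
	out := make(map[string]string, len(s.Metadata.Annotations))
	for k, v := range s.Metadata.Annotations {
		if k != lastAppliedKey {
			out[k] = v
		}
	}
	return out
}

func main() {
	s := constructedClusterSecret()
	leaked, _ := LeakedDataKeys(s)
	fmt.Println("data keys readable through the annotation:", leaked)
	fmt.Println("annotations safe to expose:", ExposableAnnotations(s))
}
```

`LeakedDataKeys` is the check to run over existing secrets labelled `argocd.argoproj.io/secret-type: cluster`: a non-empty result means the annotation carries the cluster credentials. Creating those secrets with server-side apply or `kubectl create` avoids writing the annotation in the first place, and `ExposableAnnotations` is the shape of the output-side fix: that key is never returned, whatever RBAC the caller holds.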