CVE-2024-31989

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Severity Score

9.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10.

Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. Se ha descubierto que un pod sin privilegios en un espacio de nombres diferente en el mismo clúster podría conectarse al servidor Redis en el puerto 6379. A pesar de haber instalado la última versión del complemento VPC CNI en el clúster EKS, requiere habilitación manual a través de la configuración para aplicar políticas de red. Esto genera preocupación de que muchos clientes, sin saberlo, puedan tener acceso abierto a sus servidores Redis. Esta vulnerabilidad podría provocar una escalada de privilegios al nivel del controlador del clúster o una fuga de información, afectando a cualquiera que no tenga controles de acceso estrictos en su instancia de Redis. Este problema se solucionó en las versiones 2.8.19, 2.9.15 y 2.10.10.

A flaw was found in the ArgoCD Redis database server. This flaw allows an attacker with access to the Redis server to gain read/write access to the data in Redis. The attacker can also modify the "mfst" (manifest) key to cause ArgoCD to execute any deployment, potentially leveraging ArgoCD's high privileges to take over the cluster.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-08 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-07-17 First Exploit
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CAPEC

References (12)

URL	Tag	Source
https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0	X_refsource_misc
https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr	X_refsource_confirm

URL	Date	SRC
https://github.com/vt0x78/CVE-2024-31989	2024-07-17

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-31989	2024-05-29
https://bugzilla.redhat.com/show_bug.cgi?id=2280218	2024-05-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				< 2.8.19 Search vendor "Argoproj" for product "Argo-cd" and version " < 2.8.19"		en		Affected
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				>= 2.9.0 < 2.9.15 Search vendor "Argoproj" for product "Argo-cd" and version " >= 2.9.0 < 2.9.15"		en		Affected
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				>= 2.10.0 < 2.10.10 Search vendor "Argoproj" for product "Argo-cd" and version " >= 2.10.0 < 2.10.10"		en		Affected
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				>= 2.11.0 < 2.11.1 Search vendor "Argoproj" for product "Argo-cd" and version " >= 2.11.0 < 2.11.1"		en		Affected
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				<= 1.8.7 Search vendor "Argoproj" for product "Argo-cd" and version " <= 1.8.7"		en		Affected