Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
ID: 8a9f171e-1bec-5036-bca1-adb689993f3b
STIX ID: report--8a9f171e-1bec-5036-bca1-adb689993f3b
Feed Name: The Hacker News
Argo CD's repo-server contains an unpatched unauthenticated remote code execution flaw: an attacker who can reach the repo-server's internal gRPC port can set kustomize's --helm-command to a malicious script in an attacker-controlled Git repo, causing arbitrary command execution. Synacktiv demonstrated escalation to full cluster takeover by stealing a Redis password and poisoning the deployment cache; no patch or CVE has been issued and the default Helm chart disables Kubernetes network policies, so the recommended mitigation is to enable network isolation for repo-server and Redis.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
