Press-Releases

Apiiro Discovers 0-Day Software Supply Chain Vulnerability in Argo CD

Photo of PR Newswire PR Newswire Send an email 2022-02-04Last Updated: 2022-02-04
1 minute read

[ad_2]

TEL AVIV and NEW YORK, Feb. 4, 2022 /PRNewswire/ — Apiiro, the leader in Cloud-Native Application Security, today announced a major software supply chain zero-day vulnerability in Argo CD, the popular open source Continuous Delivery platform. The vulnerability enables attackers to access sensitive information such as secrets, passwords, and API keys, which can be used to escalate privileges and gain access to additional systems and resources.

The vulnerability (CVE-2022-24348), with a CVSS score of 7.7, allows malicious actors to load a Kubernetes Helm Chart YAML file to the vulnerability and “hop” from their application ecosystem to other applications’ data outside of the user’s scope. The actors can then read and exfiltrate data residing in other applications.

The impact of the vulnerability is two-fold:

  • First, contents read from other files present on the reposerver may contain sensitive information.
  • Second, an attacker can use secrets, tokens, and keys often found in application files to escalate privileges or gain a foothold on additional systems.

“Supply chain attacks will continue to accelerate and it’s essential that Security researchers focus on securing the modern, cloud-native SDLC,” commented Moshe Zioni, Apiiro’s VP of Security Research.

Apiiro worked closely with the Argo CD team, which resolved the vulnerability and alerted their users to upgrade immediately to the newly-released versions 2.1.9 and 2.2.4.

Additional technical details can be found here.

About Apiiro

Apiiro helps security and development teams proactively remediate risk before releasing to the cloud. Apiiro is re-inventing risk remediation for Cloud-Native applications. Backed by Greylock and Kleiner Perkins. www.apiiro.com

Contact:

Kelly Hall

Offleash PR for Apiiro 

apiiro@offleashpr.com

 

Cision View original content:https://www.prnewswire.com/news-releases/apiiro-discovers-0-day-software-supply-chain-vulnerability-in-argo-cd-301475771.html

SOURCE Apiiro



Source link
[ad_2]
The content is by PR Newswire. Headlines of Today Media is not responsible for the content provided or any links related to this content. Headlines of Today Media is not responsible for the correctness, topicality or the quality of the content.

[ad_2]

Photo of PR Newswire PR Newswire Send an email 2022-02-04Last Updated: 2022-02-04
1 minute read
Back to top button