Unpatched Argo CD Repo-Server Flaw Allows Unauthenticated Code Execution and Cluster Takeover
An unpatched flaw in the Argo CD repo-server component allows an unauthenticated attacker to execute code by abusing the kustomize functionality, potentially leading to a full Kubernetes cluster takeover. This vulnerability highlights a critical need for network isolation via Kubernetes network policies to secure critical components like the repo-server and Redis.
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port.
Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in
*** END OF TRANSMISSION ***