Description
Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution.
Problem types
Initialization of a Resource with an Insecure Default
Product status
Any version before 10.0.0
10.0.0 (semver)
Credits
hugo-syn
paulb-syn
References
github.com/...o-helm/security/advisories/GHSA-47m3-95c7-g2g8 (GitHub Security Advisory (GHSA-47m3-95c7-g2g8))
www.vulncheck.com/...d-helm-chart-missing-network-policy-rce (VulnCheck Advisory: Argo CD Helm Chart < 10.0.0 Missing Network Policy RCE)