오픈 소스 Kubernetes 도구 Argo CD에 높은 심각도 결함이 있습니다. | 공격자에게 Kubernetes 클라우드 앱을 개방하는 Argo CD 보안 버그

는 클라우드의 kubernetes 컨트롤러로 배포된 연속 배달 플랫폼이며 응용 프로그램을 배포한 다음 실행시 실시간으로 지속적으로 모니터링하는 데 사용됩니다.

• Cloud Security Firm Apiiro는 Argo URI 파서 "로

• Argo CD의 높은 심각도 보안 취약점은 공격자가 대상의 응용 프로그램 개발 환경에 액세스하여 암호, API 키, 토큰 및 기타 중요한 정보를 훔치는 방법을 포장할 수 있습니다.

• 공격자는 악의적인 kubernetes helm 차트 YAML 파일을 ARGO CD 시스템에 넣은 다음 자체 응용 프로그램 생태계에서 "홉"으로 사용하여 다른 응용 프로그램의 데이터에 액세스하여 BUG (CVE-2022-24348)를 악용할 수 있습니다.

• Argo CD는 인기있는 오픈 소스 연속 배달 플랫폼이며 CVSS 점수가 7.7의 CVE-2022-24348로 태그가 지정된 취약점입니다.

Open-source Kubernetes tool Argo CD has high-severity flaw • The Register [www.theregister.com]

Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers [threatpost.com]

Argo CD releases patch for zero-day vulnerability [www.zdnet.com]

Major vulnerability found in open source dev tool for Kubernetes [venturebeat.com]

Argo CD vulnerability leaks sensitive info from Kubernetes apps [www.bleepingcomputer.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

2/6 '22 answered

Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now https://t.co/TifOM2lLXm pic.twitter.com/0fargxYPJZ
— Simplifying I.T.,LLC (@ITSimplifying) February 4, 2022

あらあら // Open-source Kubernetes tool Argo CD has high-severity flaw • The Register https://t.co/DFJCtli3vx
— guitarrapc_tech (@guitarrapc_tech) February 5, 2022

「オープンソースのKubernetesツールArgoCDには、重大度の高いパストラバーサルの欠陥があります。今すぐパッチを適用してください」https://t.co/92xiDazjQC
— キタきつね (@foxbook) February 4, 2022

Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers https://t.co/T7IPLWAdDK #databreach #cybersecurity #cybercrime #privacy #cyberattack #datasecurity #malware #shoebhakim #breach #sqlattack : LawhakAI
— LawHak (@lawyhak) February 5, 2022

Argo CD releases patch for zero-day vulnerability. By @ZDNet #Kubernetes #CyberSecurity #IoT #infosec #zeroday #MWC22
Cc: @digitalcloudgal @fogle_shane @TylerCohenWood @Shi4Tech @avrohomg @pettet50 @BillMew @techpearce2 @archonsec @robmay70 @gvalan https://t.co/A4fECtf3uw pic.twitter.com/nrYPaIA0vU
— Fabrizio Bustamante #MWC22 (@Fabriziobustama) February 5, 2022

#cybersecurity https://t.co/Q9jnQ1Xyyl Major vulnerability found in open source dev tool for Kubernetes
— InfoSecStuff (@infosecstuff) February 4, 2022

#CyberSec : Researchers disclose a zero day vulnerability in #ArgoCD, an #opensource #developer tool for #Kubernetes, which carries a 'high' severity rating ?#CyberSecurity https://t.co/R3zBhWO2mC
— ESENS (@EsensConsulting) February 4, 2022

Argo CD vulnerability leaks sensitive info from Kubernetes apps https://t.co/zJIam7SoUp
— Nicolas Krassas (@Dinosn) February 4, 2022

Argo CD vulnerability leaks sensitive info from Kubernetes apps https://t.co/uvVz5bRLjl
— The Cyber Security Hub™ (@TheCyberSecHub) February 4, 2022

permanent link

Open Wiki - Feel free to edit it. -

2/6 '22 answered

#ICYMI(2/3):Researchers disclosed a zero-day vulnerability in #opensource developer tool for #Kubernetes, which carries a “high” severity rating.
*The vulnerability was uncovered by the research team..#ISRAEL #STARTUP https://t.co/Qgmzhe7qAv #orchestration pic.twitter.com/6Xy0jvwLld
— STARTinfoUP (@moueller1961) February 6, 2022

permanent link

Reply with curations

Related

Featured