Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster
The Upwind research team is constantly monitoring the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new Unauthenticated Access vulnerability in ArgoCD – CVE-2024-37152. While this is only a moderate CVE, our research team found it as part of a toxic combination that included internet exposure. This combination permitted unauthorized […]
Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability
In recent weeks, Upwind’s research team dug into Argo CD, our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities. These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]
