Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability

In recent weeks, Upwind’s research team dug into Argo CD, our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities.  These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]