REDHAT-BUG-2167819
First published: Tue Feb 07 2023(Updated: )
All Argo CD versions starting with v2.3.0-rc1 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret.The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters).
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Argo CD | >=v2.3.0-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2167819?
REDHAT-BUG-2167819 is classified as a critical vulnerability due to improper authorization leading to potential privilege escalation.
How do I fix REDHAT-BUG-2167819?
To fix REDHAT-BUG-2167819, update Argo CD to the latest version that addresses this vulnerability.
What versions of Argo CD are affected by REDHAT-BUG-2167819?
All Argo CD versions starting from v2.3.0-rc1 are vulnerable to REDHAT-BUG-2167819.
What can an attacker do with the vulnerability in REDHAT-BUG-2167819?
An attacker can exploit the vulnerability in REDHAT-BUG-2167819 to escalate privileges and potentially control Kubernetes resources.
Who is impacted by REDHAT-BUG-2167819?
Any user or team utilizing vulnerable versions of Argo CD that allow secret updates is impacted by REDHAT-BUG-2167819.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-23947
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/argo
- canonical/argo cd