Oreen Livni Shein
Hi, I'm Oreen, a cybersecurity expert from Tel Aviv. I specialize in supply chain security, with a background in Kerberos, domains, and networking. Outside work, I enjoy surfing, climbing, reading, and gardening. I'm always up to connect and collaborate to make our digital world more secure and resilient.
Session
Get ready for a revelation! We are about to unveil a new vulnerability with a critical score of 9.1, targeting Kubernetes clusters equipped with Argo CD, a widely used GitOps continuous delivery tool embraced by major companies such as TikTok, Spotify, and Mercedes-Benz.
This vulnerability exploits the Argo CD server's elevated permissions, exposing an attack vector for malicious actors to escalate their privileges from an initial foothold in the cluster to gain complete control over the Kubernetes cluster! By manipulating data within Argo CD's Redis caching server, attackers can deploy malicious pods, access sensitive information, and erase evidence of their activities. This abstract outlines the vulnerability's technical details, impact, and mitigation strategies, underscoring the critical need for robust security measures in Kubernetes environments utilizing GitOps.