Security Bsides Las Vegas 2024

Elad Pticha

Elad Pticha is a passionate security researcher with a focus on software supply chain and API security. Elad specializes in finding vulnerabilities in SDLC-related software. In his free time, Elad loves to code, hunt for vulnerable technologies, and use his skills to help companies mitigate their security risks. Before his current work at Cycode, Elad dedicated his time to finding critical vulnerabilities in web applications, IoT devices, and pretty much anything with an IP address, but his recent focus has shifted towards software supply chain security vulnerabilities. Elad is committed to staying up-to-date with the latest security trends and technologies and always seeking new challenges to tackle.
Session

08-06
10:30
55min
Redis or Not: Argo CD & GitOps from an Attacker's Perspective
Elad Pticha, Oreen Livni Shein

Get ready for a revelation! We are about to unveil a new vulnerability with a critical score of 9.1, targeting Kubernetes clusters equipped with Argo CD, a widely-used GitOps continuous delivery tool embraced by major companies such as TikTok, Spotify, and Mercedes-Benz.
This vulnerability exploits the Argo CD server's elevated permissions, exposing an attack vector for malicious actors to escalate their privileges from an initial foothold in the cluster to complete control over the Kubernetes cluster! By manipulating data within Argo CD's Redis caching server, attackers can deploy malicious pods, access sensitive information, and erase evidence of their activities. This abstract outlines the vulnerability's technical details, impact, and mitigation strategies, underscoring the critical need for robust security measures in Kubernetes environments that use GitOps.

Breaking Ground
Florentine A