CVE-2024-41666

Описание

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user p, role:myrole, exec, create, */*, allow, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user p, role:myrole, exec, create, */*, allow permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21.

A vulnerability was found in ArgoCD's web-based terminal. This issue may allow a user to continue sending WebSocket messages and access sensitive information even after their p, role:myrole, exec, create, /, and allow permissions are revoked. The terminal session remains active as long as it is kept open, enabling unauthorized operations within the container, allowing an attacker to maintain the terminal session to gain access and view sensitive data despite revoked permissions.