Critical Argo CD API Vulnerability Exposes Repository Credentials
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A critical vulnerability has been discovered in Argo CD that allows API tokens with limited permissions to access sensitive repository credentials.<\/p>\n
The flaw in the project details API endpoint exposes usernames and passwords, undermining the platform\u2019s security model by granting access to secrets without explicit permissions.<\/p>\n
The vulnerability stems from an improper authorization check in the Project API, specifically the According to the vulnerability details, API tokens<\/a> with standard project-level permissions, such as those for managing applications, can retrieve all repository credentials associated with that project.<\/p>\n The expected behavior is that any request for sensitive information, like secrets, would require explicit, elevated permissions. However, the actual behavior allows tokens with basic access to fetch this data.<\/p>\n This issue is not confined to project-specific roles. Any token holding Exploitation is straightforward. An attacker in possession of a valid API token with the necessary permissions can make a simple authenticated call to the detailed project API endpoint<\/a>.<\/p>\n The resulting JSON response will incorrectly include an The consequences of this vulnerability are severe, as exposed credentials could lead to source code theft, malicious code injection into the CI\/CD pipeline, and further compromise of development infrastructure.<\/p>\n The Argo CD development team has addressed<\/a> the issue and released patches. Administrators are strongly advised to upgrade their instances to one of the following secure versions immediately to mitigate the risk:<\/p>\n Upgrading to a patched version will ensure that the API endpoint properly enforces permission checks and prevents the unauthorized disclosure of repository credentials.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Critical Argo CD API Vulnerability Exposes Repository Credentials<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\/api\/v1\/projects\/{project}\/detailed<\/code> endpoint.<\/p>\nExploitation<\/strong><\/h2>\n
project get<\/code> permissions is considered vulnerable, including those with broader global permissions like p, role\/user, projects, get, *, allow<\/code>. This widens the potential attack surface significantly, as more general-purpose tokens could be used to exploit the flaw.<\/p>\nrepositories<\/code> object containing plaintext username<\/code> and password<\/code> credentials for the repositories connected to the project. This allows an attacker to easily harvest credentials that can be used to access private source code repositories.<\/p>\n\n