Bug 2081686 (CVE-2022-29165) - CVE-2022-29165 argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled
Summary: CVE-2022-29165 argocd: ArgoCD will blindly trust JWT claims if anonymous acce...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29165
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2081692
TreeView+ depends on / blocked
 
Reported: 2022-05-04 11:37 UTC by Avinash Hanwate
Modified: 2022-07-07 15:58 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the ArgoCD instance. This flaw allows the attacker to impersonate any ArgoCD user or role, fully compromising the targeted cluster's confidentiality, integrity, and availability.
Clone Of:
Environment:
Last Closed: 2022-05-19 02:37:11 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:4671 0 None None None 2022-05-18 19:43:24 UTC
Red Hat Product Errata RHSA-2022:4690 0 None None None 2022-05-18 21:22:01 UTC
Red Hat Product Errata RHSA-2022:4691 0 None None None 2022-05-18 22:05:09 UTC
Red Hat Product Errata RHSA-2022:4692 0 None None None 2022-05-18 22:05:33 UTC

Description Avinash Hanwate 2022-05-04 11:37:31 UTC 
A critical vulnerability has been discovered in Argo CD which would allow unauthenticated users to impersonate any Argo CD user or role, including
the admin user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited,
anonymous access to the Argo CD instance must have been enabled.
Comment 15 errata-xmlrpc 2022-05-18 19:43:21 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.3

Via RHSA-2022:4671 https://access.redhat.com/errata/RHSA-2022:4671
Comment 16 errata-xmlrpc 2022-05-18 21:21:59 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.5

Via RHSA-2022:4690 https://access.redhat.com/errata/RHSA-2022:4690
Comment 17 errata-xmlrpc 2022-05-18 22:05:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.3

Via RHSA-2022:4691 https://access.redhat.com/errata/RHSA-2022:4691
Comment 18 errata-xmlrpc 2022-05-18 22:05:31 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.4

Via RHSA-2022:4692 https://access.redhat.com/errata/RHSA-2022:4692
Comment 19 Product Security DevOps Team 2022-05-19 02:37:09 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29165
Note You need to log in before you can comment on or make changes to this bug.