CVE-2022-29165 Privilege escalation in ArgoCD
Issue
- A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the ArgoCD instance. This flaw allows the attacker to impersonate any ArgoCD user or role, fully compromising the targeted cluster's confidentiality, integrity, and availability.
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.