CVE-2022-1025

CVSS V2 High 9 CVSS V3 High 8.8
Description
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.
Overview
  • CVE ID
  • CVE-2022-1025
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2022-07-12T21:15:09
  • Last Modified Date
  • 2023-02-12T22:15:22
Weakness Enumerations
CWE URL
CWE-1220 http://cwe.mitre.org/data/definitions/1220.html
CWE-863 http://cwe.mitre.org/data/definitions/863.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* 1 OR 0.5.0 2.1.12
cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* 1 OR 2.2.0 2.2.7
cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* 1 OR 2.3.0 2.3.1
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9
  • Severity
  • HIGH
  • Exploitability Score
  • 8
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2022:1039
https://access.redhat.com/errata/RHSA-2022:1040
https://access.redhat.com/errata/RHSA-2022:1041
https://access.redhat.com/errata/RHSA-2022:1042
https://access.redhat.com/security/cve/CVE-2022-1025
https://bugzilla.redhat.com/show_bug.cgi?id=2064682
https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww Exploit Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-1025
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1025
History
Created Old Value New Value Data Type Notes
2022-07-12 22:00:33 Added to TrackCVE
2023-02-02 22:14:04 2023-02-02T21:22:00 CVE Modified Date updated
2023-02-02 22:14:04 Analyzed Modified Vulnerability Status updated
2023-02-02 22:14:04 All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. A privilege escalation flaw was found in ArgoCD. This flaw allows a malicious user who has push access to an application's source git or Helm repository, or sync and override access, to perform actions they are not authorized to do. For example, if the attacker has `update` or `delete` access, they can modify or delete any resource on the destination cluster and escalate ArgoCD privileges to the admin level. If the attacker has `get` access, they can view and list actions for any resource on the destination cluster except secrets and view the logs of any pods on the destination cluster. If the attacker has action/{some action or *} access on the application, they can run an action for any resource that supports the allowed action on the application's destination cluster. Description updated
2023-02-02 22:14:05 References updated
2023-02-12 22:18:05 2023-02-12T22:15:22 CVE Modified Date updated
2023-02-12 22:18:05 Weakness Enumeration update
2023-02-12 22:18:05 A privilege escalation flaw was found in ArgoCD. This flaw allows a malicious user who has push access to an application's source git or Helm repository, or sync and override access, to perform actions they are not authorized to do. For example, if the attacker has `update` or `delete` access, they can modify or delete any resource on the destination cluster and escalate ArgoCD privileges to the admin level. If the attacker has `get` access, they can view and list actions for any resource on the destination cluster except secrets and view the logs of any pods on the destination cluster. If the attacker has action/{some action or *} access on the application, they can run an action for any resource that supports the allowed action on the application's destination cluster. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Description updated