Explore a critical vulnerability in Kubernetes clusters using Argo CD, a popular GitOps continuous delivery tool, in this 36-minute conference talk from BSidesLV. Discover how attackers can exploit Argo CD server's elevated permissions to escalate privileges and gain full control over the cluster. Learn about the manipulation of Redis caching server data to deploy malicious pods, access sensitive information, and cover tracks. Understand the technical details, impact, and mitigation strategies for this high-severity vulnerability affecting major companies like TikTok, Spotify, and Mercedes-Benz. Gain insights into the importance of robust security measures in Kubernetes environments utilizing GitOps from speakers Oreen Livni Shein and Elad Pticha.
Argo CD and GitOps Security: Exploiting Redis Vulnerability in Kubernetes Clusters
Overview
Syllabus
Breaking Ground, Tue, Aug 6, 12:30 - Tue, Aug 6, CDT
Taught by
BSidesLV
Related Courses
-
Getting Started with Argo CD
-
Argo CD Essential Guide for End Users with Practice
-
Pipeline Pandemonium - Hijacking Cloud Security Through CI/CD Vulnerabilities
-
How GitOps with Argo CD Transforms Software Delivery
-
Argo CD Core - A Pure GitOps Agent for Kubernetes
-
GitOps Powered Kubernetes Testing With Testkube + Argo CD
