Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Dissecting the 0-Day Supply Chain Vulnerability in Argo CD

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the intricacies of a critical 0-day supply chain vulnerability discovered in Argo CD in this 28-minute conference talk by Moshe Zioni from Apiiro. Delve into the details of CVE-2022-24348, including the attacker's potential methods for bypassing Argo CD's security measures to exploit the vulnerability and access sensitive information. Learn about the research process that led to this discovery, understand the importance of this vulnerability within the ecosystem, and gain insights into effective remediation steps. Follow the speaker's journey from initial research to uncovering security checks, parsing issues, and extended attack scenarios. Conclude with a comprehensive summary of file permissions and key takeaways to enhance your understanding of supply chain security in cloud-native environments.

Syllabus

Introduction
Agenda
Basics
Why
Research Routine
Parsing
Developer Thread
Security Checks
Read the Documentation
Extended Attacks
Remediation
File Permissions
Summary Conclusion
Special Thanks

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Dissecting the 0-Day Supply Chain Vulnerability in Argo CD

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.