Dissecting the 0-Day Supply Chain Vulnerability in Argo CD
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the intricacies of a critical 0-day supply chain vulnerability discovered in Argo CD in this 28-minute conference talk by Moshe Zioni from Apiiro. Delve into the details of CVE-2022-24348, including the attacker's potential methods for bypassing Argo CD's security measures to exploit the vulnerability and access sensitive information. Learn about the research process that led to this discovery, understand the importance of this vulnerability within the ecosystem, and gain insights into effective remediation steps. Follow the speaker's journey from initial research to uncovering security checks, parsing issues, and extended attack scenarios. Conclude with a comprehensive summary of file permissions and key takeaways to enhance your understanding of supply chain security in cloud-native environments.
Syllabus
Introduction
Agenda
Basics
Why
Research Routine
Parsing
Developer Thread
Security Checks
Read the Documentation
Extended Attacks
Remediation
File Permissions
Summary Conclusion
Special Thanks
Taught by
CNCF [Cloud Native Computing Foundation]