CVE-2024-22424

Summary

CVE-2024-22424 is a cross-server request forgery (CSRF) vulnerability affecting Argo CD, a popular continuous delivery tool for Kubernetes, prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The vulnerability allows an attacker, who can manipulate a webpage on the same parent domain as Argo CD, to trick authenticated users into loading the malicious page. This results in the attacker being able to call Argo CD API endpoints on behalf of the victim, potentially leading to the execution of malicious code. Argo CD uses the "Lax" SameSite cookie policy, but it fails to prevent attacks when the destination is a parent domain of the Argo CD API. The vulnerability can be exploited even on internal subdomains, as the "Lax" SameSite policy does not prevent the browser from sending the auth cookie in such cases. The patch for this vulnerability, available in versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15, introduces a breaking API change, requiring non-GET requests to specify application/json as their Content-Type. Users are advised to upgrade to the patched versions as soon as possible. There are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.