Artificial Intelligence | News | Insights | AiThority

Apiiro Discovers 0-Day Software Supply Chain Vulnerability in Argo CD

Apiiro, the leader in Cloud-Native Application Security, announced a major software supply chain zero-day vulnerability in Argo CD, the popular open source Continuous Delivery platform. The vulnerability enables attackers to access sensitive information such as secrets, passwords, and API keys, which can be used to escalate privileges and gain access to additional systems and resources.

The vulnerability, with a CVSS score of 7.7, allows malicious actors to load a Kubernetes Helm Chart YAML file into Argo CD and “hop” from their application ecosystem to other applications’ data outside of the user’s scope. The actors can then read and exfiltrate data residing in other applications.

The impact of the vulnerability is two-fold:

  • First, contents read from other files present on the repo server may contain sensitive information.
  • Second, an attacker can use secrets, tokens, and keys often found in application files to escalate privileges or gain a foothold on additional systems.

“Supply chain attacks will continue to accelerate and it’s essential that Security researchers focus on securing the modern, cloud-native SDLC,” commented Moshe Zioni, Apiiro’s VP of Security Research.
