6 February 2022
This article has been indexed from
CySecurity News – Latest Information Security and Hacking Incidents
Argo CD is among the most popular Kubernetes continuous deployment technologies. Besides being easy to operate, it is also powerful. When it comes to Kubernetes GitOps, it is the first tool that comes to mind. For cluster bootstrapping, Argo CD uses the App of Apps pattern.
Instead of creating each Argo CD application manually, we can create them programmatically and automatically. The idea is simple: create a single Argo CD application that watches a directory in a Git repository, and put all of the Argo CD application definition files there. As a result, whenever an application definition file is created in that Git repo location, the corresponding Argo CD application is immediately produced. Notably, any Kubernetes object, including Argo CD itself, can be generated or managed this way.
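The App of Apps pattern described above, as an added example that is not from the original article or the Argo CD project: a root Application that watches one directory of a Git repository, placed in its own AppProject so that the only objects it can create are Argo CD Application objects. The repository URL, the `apps` path, the `main` branch and the names `bootstrap` and `root-apps` are assumptions.

```yaml
# Added example. Repository URL, path, branch and object names are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: bootstrap
  namespace: argocd
spec:
  description: Root app-of-apps project; may only create Application objects
  sourceRepos:
    - https://git.example.com/platform/cluster-bootstrap.git   # placeholder
  destinations:
    - server: https://kubernetes.default.svc
      namespace: argocd
  # Restrict namespaced resources to Argo CD Application objects only.
  namespaceResourceWhitelist:
    - group: argoproj.io
      kind: Application
  # clusterResourceWhitelist is left empty, so cluster-scoped kinds are denied.
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root-apps
  namespace: argocd
spec:
  project: bootstrap
  source:
    repoURL: https://git.example.com/platform/cluster-bootstrap.git   # placeholder
    targetRevision: main
    path: apps              # one child Application manifest per file
    directory:
      recurse: true         # also pick up manifests in subdirectories
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd       # child Application objects live beside Argo CD
  syncPolicy:
    automated:
      prune: true           # deleting a manifest from Git removes the child app
      selfHeal: true        # manual drift on the child apps is reverted
```

Each child Application names its own `spec.project`, so write access to the watched directory amounts to the ability to create applications in any project and should be limited to Argo CD administrators.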
Apiiro’s Security Research team discovered a supply chain 0-day vulnerability (CVE-2022-24348) in Argo CD, the popular open source Continuous Delivery platform, which allows attackers to access sensitive data such as secrets, passwords, and API keys.
Argo CD manages and orchestrates the execution and monitoring of post-integration application deployment. A user can create a new deployment pipeline by specifying an Archive or a Kubernetes Helm Chart file which contains:
[…]