Security Notices

2022-03-24 ArgoCD Improper access control allows admin privilege escalation (CVE-2022-1025)

A new security vulnerability in ArgoCD was recently disclosed affecting the ArgoCD versions 0.5.0 through 2.1.12, 2.2.7 and 2.3.1.

This vulnerability allows a malicious user to potentially escalate his privileges to admin-level. With these privileges, a malicious user could perform actions they are not authorized to (modify or delete any resource on the cluster, escalate ArgoCD privileges to the admin level, etc).

How to Patch It

We have updated all our solutions to include the latest versions of ArgoCD for branch 2 (2.3.2). We suggest you upgrade your ArgoCD installation to the latest version. If, for some reason, you are unable to upgrade your installation, the impact can be mitigated by avoiding unauthorized resource inspection/tampering and privilege escalation.

You can find more information about the security issue in the official notice.

Last modification March 25, 2022