CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478	Patch
https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:linuxfoundation:argo-cd::::::::
	cpe:2.3:a:linuxfoundation:argo-cd:2.7.11:::::::*
	cpe:2.3:a:linuxfoundation:argo-cd:2.8.0:::::::*

History

30 Aug 2023, 17:28

Type	Values Removed	Values Added
First Time		Linuxfoundation argo-cd Linuxfoundation
CPE		cpe:2.3:a:linuxfoundation:argo-cd:::::::: cpe:2.3:a:linuxfoundation:argo-cd:2.8.0:::::::* cpe:2.3:a:linuxfoundation:argo-cd:2.7.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
References	~~(MISC) https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr -~~	(MISC) https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr - Exploit, Vendor Advisory
References	~~(MISC) https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478 -~~	(MISC) https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478 - Patch

23 Aug 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-23 20:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-40025

Mitre link : CVE-2023-40025

CVE.ORG link : CVE-2023-40025

JSON object : View

Products Affected

linuxfoundation

argo-cd

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2023-40025", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}]}, "published": "2023-08-23T20:15:08.840", "references": [{"url": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.\n"}], "lastModified": "2023-08-30T17:28:42.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA7B1FF7-B408-4641-831A-85D0093D6B0A", "versionEndIncluding": "2.6.13", "versionStartIncluding": "2.6.0"}, {"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:2.7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "397E918F-3D4B-4C32-A4BE-2650327521E2"}, {"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "746A10AE-5AA1-487B-A2E8-F1E9F5F7550A"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}