ID CVE-2023-23947
Summary Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug (CWE-863) which allows users who have permission to update at least one cluster secret to update any cluster secret, including clusters their RBAC policy does not name. An attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). A patch for this vulnerability has been released in Argo CD versions 2.6.2, 2.5.11, 2.4.23, and 2.3.17. Two workarounds are available. Either modify the RBAC configuration to completely revoke all `clusters, update` access, or use the AppProject `destinations` and `clusterResourceWhitelist` fields to apply restrictions equivalent to those of the cluster secret's `namespaces` and `clusterResources` fields, so that a tampered cluster secret cannot widen what an Application is allowed to deploy.
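Both workarounds are configuration changes, so the useful check is an audit of what is currently granted. The following is an added example, not Argo CD project code: it reads a `policy.csv` in the format used by the `argocd-rbac-cm` ConfigMap (`p, subject, resource, action, object, effect` and `g, subject, role` lines), reports every subject holding `clusters, update` on any cluster (the precondition the bug needs, with `*` resource or action counting because it includes update), and lists AppProjects whose `destinations` or `clusterResourceWhitelist` are still wide open. The policy lines, user names, cluster URLs and project specs are constructed for illustration. It assumes the built-in `role:admin` policy is `p, role:admin, *, *, *, allow` and that a deny rule overrides a matching allow; object matching is simplified to exact-or-`*` rather than Argo CD's glob matching, which can over-report but not hide a grant.

```python
"""Audit Argo CD RBAC policy and AppProject specs for the preconditions of
CVE-2023-23947. Added example; not Argo CD project code. Sample inputs below
are constructed for illustration."""
import csv
from io import StringIO

# Constructed policy.csv as it would appear in the argocd-rbac-cm ConfigMap.
SAMPLE_POLICY_CSV = """\
p, role:team-a, applications, *, team-a/*, allow
p, role:team-a, clusters, update, https://team-a.example.invalid, allow
p, role:platform, clusters, *, *, allow
p, role:auditor, clusters, get, *, allow
p, role:team-b, clusters, update, https://team-b.example.invalid, allow
p, role:team-b, *, update, *, deny
g, alice, role:team-a
g, bob, role:platform
g, carol, role:auditor
g, dave, role:team-b
g, erin, role:admin
"""

# Assumption: Argo CD's built-in policy grants role:admin everything; it does
# not appear in policy.csv, so it is added here so `g, x, role:admin` is caught.
BUILTIN_POLICIES = [("role:admin", "*", "*", "*", "allow")]

# Constructed AppProject specs, reduced to the fields the workaround touches.
SAMPLE_PROJECTS = [
    {"name": "default",
     "destinations": [{"server": "*", "namespace": "*"}],
     "clusterResourceWhitelist": [{"group": "*", "kind": "*"}]},
    {"name": "team-a",
     "destinations": [{"server": "https://team-a.example.invalid",
                       "namespace": "team-a"}],
     "clusterResourceWhitelist": []},  # empty: no cluster-scoped kinds allowed
]


def parse_policy(text):
    """Split policy.csv into (subject, resource, action, object, effect)
    tuples plus a subject -> roles map built from the `g` lines."""
    policies = list(BUILTIN_POLICIES)
    groups = {}
    for row in csv.reader(StringIO(text), skipinitialspace=True):
        if not row or row[0].strip().startswith("#"):
            continue
        kind, fields = row[0].strip(), [f.strip() for f in row[1:]]
        if kind == "p" and len(fields) == 5:
            policies.append(tuple(fields))
        elif kind == "g" and len(fields) == 2:
            groups.setdefault(fields[0], set()).add(fields[1])
    return policies, groups


def _matches(pattern, value):
    # Simplification: only `*` or an exact string matches (Argo CD uses globs).
    return pattern == "*" or pattern == value


def roles_of(subject, groups):
    """Transitive closure of role membership via `g` lines."""
    seen, todo = {subject}, [subject]
    while todo:
        for role in groups.get(todo.pop(), ()):
            if role not in seen:
                seen.add(role)
                todo.append(role)
    return seen


def cluster_update_grants(policies, groups, subject):
    """Allow rules giving `subject` `clusters, update` on some cluster that are
    not cancelled by a deny covering the same grant (deny wins in Argo CD)."""
    subjects = roles_of(subject, groups)
    relevant = [p for p in policies if p[0] in subjects
                and _matches(p[1], "clusters") and _matches(p[2], "update")]
    allows = [p for p in relevant if p[4] == "allow"]
    denies = [p for p in relevant if p[4] == "deny"]
    return [a for a in allows if not any(_matches(d[3], a[3]) for d in denies)]


def affected_subjects(policy_text, subjects):
    """Map each subject to the grants that would let it exploit the bug."""
    policies, groups = parse_policy(policy_text)
    return {s: g for s in subjects
            if (g := cluster_update_grants(policies, groups, s))}


def unrestricted_projects(projects):
    """Names of AppProjects that bound neither where apps may deploy nor which
    cluster-scoped kinds they may create (what the second workaround tightens)."""
    names = []
    for p in projects:
        open_dest = any(d.get("server") == "*" or d.get("namespace") == "*"
                        for d in p.get("destinations", []))
        open_crw = any(w.get("group") == "*" and w.get("kind") == "*"
                       for w in p.get("clusterResourceWhitelist", []))
        if open_dest or open_crw:
            names.append(p["name"])
    return names


if __name__ == "__main__":
    users = ["alice", "bob", "carol", "dave", "erin"]
    for user, grants in affected_subjects(SAMPLE_POLICY_CSV, users).items():
        print(f"{user}: can update cluster secrets via {grants}")
    print("projects to tighten:", unrestricted_projects(SAMPLE_PROJECTS))
```

On the constructed input, `alice` (explicit grant on one cluster), `bob` (`clusters, *`) and `erin` (built-in admin) are reported; `carol` only has `get`, and `dave`'s allow is cancelled by a matching deny. Run it against a real `policy.csv` by replacing the constant with the ConfigMap contents, and treat every reported subject as able to modify any cluster secret until the instance is upgraded.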
References
Vulnerable Configurations
  • cpe:2.3:a:linuxfoundation:argo-cd:2.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.6.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.6.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:linuxfoundation:argo-cd:2.3.16:*:*:*:*:*:*:*
CVSS
Base: None (no score recorded on this page)
Impact: not provided
Exploitability: not provided
CWE CWE-863 (Incorrect Authorization)
CAPEC none listed
Access: Vector / Complexity / Authentication: not provided
Impact: Confidentiality / Integrity / Availability: not provided
Last major update 27-02-2023 - 18:00
Published 16-02-2023 - 18:15
Last modified 27-02-2023 - 18:00