Lucene search
Bean-zhangH1:1916583HistoryMar 24, 2023 - 8:50 a.m.
Internet Bug Bounty: Authenticated but unauthorized users may enumerate Application names via the API
2023-03-2408:50:46
bean-zhang
hackerone.com
$2400
26
argo cd
information disclosure
unauthorized users
api bug
social engineering
EPSS
0.001
Percentile
30.9%
All versions of Argo CD starting with v0.5.0 are vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages.
STEPS:
- Login argocd with a user who has not application module’s priviledge.
- The user request ‘api/v1/application/**/logs’ restful api to download a log file.
- The log file’s content lead a information disclosure bug, which allowing unauthorized users to enumerate application names by inspecting API error messages. The error messages like ‘error gettingg applicaiton by name: ** not found’.
Impact
An attacker could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges (social engineering).
Related
prion
prion
Design/Logic Flaw
2023-03-27 14:15:00
cvelist
cvelist
CVE-2022-41354
2023-03-27 00:00:00
github
github
redhatcve
redhatcve
CVE-2022-41354
2023-03-23 16:43:04
redhat
redhat
(RHSA-2023:1452) Moderate: Red Hat OpenShift GitOps security update
2023-03-23 18:38:57
(RHSA-2023:1454) Moderate: Red Hat OpenShift GitOps security update
2023-03-23 19:09:39
(RHSA-2023:1453) Moderate: Red Hat OpenShift GitOps security update
2023-03-23 18:44:48
osv
osv
CVE-2022-41354
2023-03-27 14:15:07
nvd
nvd
CVE-2022-41354
2023-03-27 14:15:07
veracode
veracode
Information Disclosure
2023-03-24 04:26:50
cve
cve
CVE-2022-41354
2023-03-27 14:15:07