Dissecting the 0-Day Supply Chain Vulnerability in Argo CD
CNCF [Cloud Native Computing Foundation] via YouTube
AI, Data Science & Cloud Certificates from Google, IBM & Meta
Get 20% off all career paths from fullstack to AI
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore the intricacies of a critical 0-day supply chain vulnerability discovered in Argo CD in this 28-minute conference talk by Moshe Zioni from Apiiro. Delve into the details of CVE-2022-24348, including the attacker's potential methods for bypassing Argo CD's security measures to exploit the vulnerability and access sensitive information. Learn about the research process that led to this discovery, understand the importance of this vulnerability within the ecosystem, and gain insights into effective remediation steps. Follow the speaker's journey from initial research to uncovering security checks, parsing issues, and extended attack scenarios. Conclude with a comprehensive summary of file permissions and key takeaways to enhance your understanding of supply chain security in cloud-native environments.
Syllabus
Introduction
Agenda
Basics
Why
Research Routine
Parsing
Developer Thread
Security Checks
Read the Documentation
Extended Attacks
Remediation
File Permissions
Summary Conclusion
Special Thanks
Taught by
CNCF [Cloud Native Computing Foundation]