CVE-2024-31989

CRITICAL

Argo CD < 2.8.19 - Unauthenticated Privilege Escalation via Redis Server Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-31989. PoCs published by vt0x78.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-31989, targeting Argo CD's Redis instance without password authentication. The exploit manipulates cached manifest responses to inject malicious pod manifests, leveraging Redis cache poisoning.

Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10.

Exploits (1)

nomisec WORKING POC 3 stars

by vt0x78 · poc

https://github.com/vt0x78/CVE-2024-31989

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-31989, targeting Argo CD's Redis instance without password authentication. The exploit manipulates cached manifest responses to inject malicious pod manifests, leveraging Redis cache poisoning.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Argo CD (version not specified)

No auth needed

Prerequisites: Access to Redis instance without password · Valid Redis key and malicious pod manifest

MITRE ATT&CK