Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster


The Upwind research team constantly monitors the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new unauthenticated access vulnerability in ArgoCD – CVE-2024-37152. While this is only a moderate CVE, our research team found it as part of a toxic combination that included internet exposure. This combination permitted unauthorized […]

Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability


In recent weeks, Upwind’s research team dug into Argo CD. Our research revealed two batches of critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) affecting GET, POST, and PUT requests, and Remote Code Execution (RCE). These vulnerabilities opened the door to unauthorized exposure and manipulation of sensitive data within Kubernetes […]