Security Report: Cluster Separation Violation in ArgoCD Installation Process #6036

Open
oreenlivnicode opened this issue Nov 8, 2024 · 0 comments
Describe the bug

The ArgoCD application is currently managed within the same cluster as the staging and production environments, which violates GitOps security practices regarding cluster separation. This configuration is unsafe and could potentially allow attackers to compromise the GitOps system through a compromised pod in one of the applications. Additionally, it may be misleading for users who fork the repository and use it out-of-the-box, as they could unknowingly adopt this insecure setup. We appreciate your attention to this matter and look forward to any improvements that can be made.

Paths with Observed Behavior

We observed this behavior in the following paths:

Jenkins Classic Notebook
Jenkins Readme

To reproduce

Follow the installation instructions to set up ArgoCD within the same namespace for both staging and production environments. This creates an insecure setup:

```
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```

Create ArgoCD projects for staging and production within the same namespace:

```
argocd app create seldon-staging \
    --repo https://github.com/$GITHUB_ORG/$REPONAME \
    --path staging \
    --dest-namespace staging
argocd app create seldon-production \
    --repo https://github.com/$GITHUB_ORG/$REPONAME \
    --path production \
    --dest-namespace production
```

Expected behavior

ArgoCD should be deployed in its own cluster, managing applications in separate clusters for both staging and production environments. This separation is crucial because it minimizes the risk of privilege escalation and unauthorized access, protecting the integrity of each environment. Failing to follow this best practice can lead to vulnerabilities that compromise the entire system, as highlighted in our article on revealing a critical vulnerability in Argo CD.

The same is documented in the ArgoCD Official Documentation.

P.S.

Thank you for taking the time to address this important issue. If there is anything else I can assist you with, please feel free to reach out. Your efforts to enhance the security of the Seldon Core project are greatly appreciated!
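As an added example (not part of the report above, and not Seldon or Argo CD project code), a small offline audit that flags the two conditions the report describes from Argo CD `Application` objects: workloads deployed into the cluster that hosts Argo CD itself, and one destination cluster hosting both staging and production. The input is a constructed sample in the shape of `kubectl get applications -n argocd -o json`; `https://kubernetes.default.svc` and the name `in-cluster` are Argo CD's defaults for the local cluster.

```python
"""Audit Argo CD Application objects for cluster separation."""
import json

# Argo CD's default server URL and name for the cluster it runs in.
IN_CLUSTER_SERVER = "https://kubernetes.default.svc"
IN_CLUSTER_NAME = "in-cluster"

# Constructed sample data (not taken from any real cluster). The first two
# entries mirror the setup in the report: staging and production both land in
# the Argo CD cluster. The third shows a destination on a separate cluster.
SAMPLE_APPS = json.loads("""
{"items": [
  {"metadata": {"name": "seldon-staging"},
   "spec": {"destination": {"server": "https://kubernetes.default.svc", "namespace": "staging"}}},
  {"metadata": {"name": "seldon-production"},
   "spec": {"destination": {"server": "https://kubernetes.default.svc", "namespace": "production"}}},
  {"metadata": {"name": "seldon-production-remote"},
   "spec": {"destination": {"server": "https://prod.example.invalid:6443", "namespace": "production"}}}
]}
""")


def destination_of(app):
    """Return the destination cluster as server URL or, failing that, cluster name."""
    dest = app["spec"]["destination"]
    return dest.get("server") or dest.get("name") or ""


def in_cluster_apps(apps):
    """Names of Applications whose workloads run in the cluster hosting Argo CD."""
    return [a["metadata"]["name"] for a in apps["items"]
            if destination_of(a) in (IN_CLUSTER_SERVER, IN_CLUSTER_NAME)]


def shared_destinations(apps):
    """Destination clusters that host more than one target namespace (environment)."""
    by_dest = {}
    for a in apps["items"]:
        by_dest.setdefault(destination_of(a), set()).add(a["spec"]["destination"]["namespace"])
    return {dest: sorted(ns) for dest, ns in by_dest.items() if len(ns) > 1}


def audit(apps):
    """Human-readable findings for the two separation violations described above."""
    findings = [f"{name}: deployed into the Argo CD cluster itself" for name in in_cluster_apps(apps)]
    for dest, namespaces in shared_destinations(apps).items():
        findings.append(f"{dest}: hosts multiple environments {namespaces}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_APPS):
        print(line)
```

On a live cluster, feed the script the JSON from `kubectl get applications -n argocd -o json`; an empty findings list means every Application targets a cluster other than Argo CD's own, and no cluster mixes environments.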
