Attacking Argo CD with Argo CD (and then Defending) - Michael Crenshaw, Intuit

  • Published on 12 Sep 2024
  • Argo CD manages Kubernetes resources, and Argo CD is itself a set of Kubernetes resources. This talk will show how a lax RBAC configuration could allow users to escalate their privileges by using Argo CD to modify Argo CD. We’ll start with a trivial attack and then incrementally restrict Argo CD RBAC and Project restrictions until no attack is possible. This talk will demonstrate the process that every Argo CD admin should follow when setting up their Argo CD RBAC and Project settings.

Comments • 2

  • @zubairhaque2706 2 years ago +2

    Very informational, I was happy to learn about these vulnerabilities

  • @joebowbeer 1 year ago +1

    Great talk. 29:02 As you mentioned, Kyverno has some policies for validating ArgoCD Applications and AppProjects, and it would be easy to add more.