Argo Events Privileged Access Vulnerability via EventSource and Sensor Custom Resources

Vulnerability

A vulnerability in Argo Events allows users with permission to create or modify EventSource and Sensor custom resources to gain privileged access to the host system and Kubernetes cluster. This issue arises from the ability to customize the orchestrated pod's specification, including sensitive properties such as the security context, volume mounts, and commands executed within the container. Exploitation of this vulnerability could lead to unauthorized access to cluster resources and host-level privileges, bypassing standard security models and controls.

Impact

Exploitation of this vulnerability can break tenant isolation in multi-tenant clusters, allowing non-admin users to gain access to host and cluster resources, potentially compromising the host system and accessing data from other tenants.

Reproduction

To reproduce this vulnerability, create an EventSource or Sensor custom resource with a specified container template that includes privileged settings, such as a security context allowing elevated permissions. An example payload is available in the advisory details.
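The settings the advisory names (security context, volume mounts, entrypoint overrides in the pod template) are also the fields a reviewer or admission hook should check before an EventSource or Sensor is admitted. The following audit function is an added example for that purpose; it is not Argo Events project code. It assumes the CRD layout `spec.template.container` (a core/v1 Container) and `spec.template.volumes` (a list of core/v1 Volumes), and the two manifests it runs on are constructed samples, not the advisory's payload.

```python
"""Audit Argo Events EventSource and Sensor manifests for pod-template settings
that grant host or cluster privileges.

Added example for manifest review and admission checks; not Argo Events
project code. Assumed field layout (from the Argo Events CRDs):
spec.template.container (core/v1 Container) and spec.template.volumes
(list of core/v1 Volume).
"""

from typing import Any

# Capabilities that are effectively root on the node once granted to a container.
HIGH_RISK_CAPABILITIES = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}


def _container_findings(container: dict[str, Any], host_volumes: set[str]) -> list[str]:
    """Return findings for the template's container spec."""
    findings: list[str] = []
    base = "spec.template.container"
    sc = container.get("securityContext") or {}

    if sc.get("privileged") is True:
        findings.append(f"{base}.securityContext.privileged=true")
    if sc.get("allowPrivilegeEscalation") is True:
        findings.append(f"{base}.securityContext.allowPrivilegeEscalation=true")
    if sc.get("runAsUser") == 0 or sc.get("runAsNonRoot") is False:
        findings.append(f"{base}.securityContext runs as root")
    added = set((sc.get("capabilities") or {}).get("add") or [])
    for cap in sorted(added & HIGH_RISK_CAPABILITIES):
        findings.append(f"{base}.securityContext.capabilities.add includes {cap}")

    # A hostPath volume only matters once it is mounted into the container.
    for mount in container.get("volumeMounts") or []:
        if mount.get("name") in host_volumes:
            findings.append(
                f"{base}.volumeMounts mounts hostPath volume {mount['name']!r} "
                f"at {mount.get('mountPath')}"
            )

    # Overriding the entrypoint turns the controller's pod into an arbitrary workload.
    for key in ("command", "args"):
        if container.get(key):
            findings.append(f"{base}.{key} overrides the image entrypoint")
    return findings


def audit_manifest(obj: dict[str, Any]) -> list[str]:
    """Return human-readable findings for one manifest; an empty list means nothing flagged."""
    if obj.get("kind") not in ("EventSource", "Sensor"):
        return []
    template = (obj.get("spec") or {}).get("template") or {}

    host_volumes: set[str] = set()
    findings: list[str] = []
    for vol in template.get("volumes") or []:
        if "hostPath" in vol:
            host_volumes.add(vol.get("name", ""))
            findings.append(
                f"spec.template.volumes[{vol.get('name')!r}].hostPath="
                f"{vol['hostPath'].get('path')}"
            )

    findings.extend(_container_findings(template.get("container") or {}, host_volumes))
    return findings


# Constructed sample: a Sensor whose template asks for host-level access.
FLAGGED_SENSOR = {
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "Sensor",
    "metadata": {"name": "example-flagged"},
    "spec": {
        "template": {
            "container": {
                "securityContext": {"privileged": True},
                "volumeMounts": [{"name": "root", "mountPath": "/host"}],
            },
            "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        },
    },
}

# Constructed sample: an EventSource with a hardened, non-root container template.
BENIGN_EVENTSOURCE = {
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "EventSource",
    "metadata": {"name": "example-benign"},
    "spec": {
        "template": {
            "container": {
                "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
            },
        },
    },
}

if __name__ == "__main__":
    for manifest in (FLAGGED_SENSOR, BENIGN_EVENTSOURCE):
        name = manifest["metadata"]["name"]
        print(name, "->", audit_manifest(manifest) or "no findings")
```

The check is deliberately conservative: it reports only fields that map directly to host or cluster privilege (privileged mode, privilege escalation, root user, high-risk capabilities, hostPath mounts, entrypoint overrides) so it can be wired into a validating webhook or a CI step without generating noise for ordinary templates that set resources, labels or a service account.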

Remediation

Users can upgrade to Argo Events version 1.9.6 or later, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 6.2
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.