关联漏洞
标题:Argo CD 安全漏洞 (CVE-2024-31989)Description:Argo CD是一个应用软件。用于Kubernetes的声明性GitOps连续交付工具。它持续监控正在运行的应用程序并将当前的实时状态与所需的目标状态(例如 Git 仓库中的配置)进行比较,在 Git 仓库更改时自动同步和部署应用程序。 Argo CD存在安全漏洞,该漏洞源于在Redis缓存中使用有风险或缺失的加密算法。
Description
Exploit for CVE-2024-31989.
介绍
# CVE-2024-31989
# CVE-Exploit for Argo CD
This repository contains an exploit for CVE-2024-31989 that targets a Redis instance without a password in Argo CD.
## Description
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This exploit leverages a vulnerability in Argo CD where a Redis instance is deployed without a password.
## Installation
1. Clone the repository:
```sh
git clone https://github.com/vt0x78/CVE-2024-31989.git
cd CVE-2024-31989
go build -o <name>
or just download the binary in releases.
##### *Usage*
./K8sHijack -key \<path to key name\> -pod \<path to pod manifest to deploy\>
# Reference Article
For a detailed explanation of this exploit and its implications, please refer to my article \<url\>.
文件快照
[4.0K] /data/pocs/d5540cd7b16c99784c39937361be9d9701bc649f
├── [7.4K] go.mod
├── [ 69K] go.sum
├── [6.1K] main.go
├── [ 619] pod-example.txt
└── [ 770] README.md
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。