GitOops… I Did It Again! Protecting Your GitOps System from Being Used for Privilege Escalation - Oreen Livni & Elad Pticha, Cycode

less than 1 minute read

Abstract

From data theft to privilege escalation in the Kubernetes cluster, you don’t want to be the one telling your boss that your GitOps system has been compromised. This talk covers the security of GitOps tools, highlighting common misconfiguration pitfalls and how to avoid them. We will share the story of CVE-2024-31989, a critical vulnerability we discovered in the popular tool Argo. When installed with the default configuration, this vulnerability allowed privilege escalation from any access point to the cluster (such as a webshell) to complete cluster takeover. We will discuss common insecure configurations like this and provide examples from popular open-source projects to explain how your organization can protect itself from these risks. Attendees will receive a guide and practical tools to protect their GitOps systems against such threats.

Sched URL

Video

Share on

Twitter Facebook LinkedIn

About

Conferences

GitOops… I Did It Again! Protecting Your GitOps System from Being Used for Privilege Escalation - Oreen Livni & Elad Pticha, Cycode

Abstract

Video

Share on

You May Also Enjoy

Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka, Google

The Policy Engines Showdown - Gabriel L. Manor, Permit.io; Andres Aguiar, Okta; Omri Gazitt, Aserto; Pauline Jamin, Agicap; Tyler Schade, Geico; Joy Scharmen, StrongDM

Seccomp and eBPF; What’s the Difference? Why Do I Need to Know? - Natalia Reka Ivanko & Duffie Cooley, Isovalent @ Cisco

SPIFFE the Easy Way: Universal X509 and JWT Identities Using cert-manager - Tim Ramlot & Ashley Davis, Venafi