← volver
CVE-2024-36106

Argo CD allows authenticated users to enumerate clusters by name

CVSS 4.3 MEDIUMEPSS 0.4%CWE-209
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 jun 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
argoproj · argo-cd

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/argoproj/argo-cd/commit/c2647055c261a550e5da075793260f6524e65ad9https://github.com/argoproj/argo-cd/security/advisories/GHSA-3cqf-953p-h5cp