Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
References
Configurations
Configuration 1 (hide)
|
History
07 Aug 2024, 13:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/argoproj/argo-cd/commit/c2647055c261a550e5da075793260f6524e65ad9 - Patch | |
References | () https://github.com/argoproj/argo-cd/security/advisories/GHSA-3cqf-953p-h5cp - Vendor Advisory | |
CPE | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
First Time |
Argoproj
Argoproj argo Cd |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 15:15
Updated : 2024-08-07 13:57
NVD link : CVE-2024-36106
Mitre link : CVE-2024-36106
CVE.ORG link : CVE-2024-36106
JSON object : View
Products Affected
argoproj
- argo_cd
CWE
CWE-209
Generation of Error Message Containing Sensitive Information