Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces, which allows attackers to use the UI to edit resources that should only be mutable via GitOps. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-15T19:52:55.718Z
Updated: 2024-08-02T01:59:50.786Z
Reserved: 2024-04-08T13:48:37.491Z
Link: CVE-2024-31990
Vulnrichment
Updated: 2024-04-23T18:46:13.817Z
NVD
Status: Awaiting Analysis
Published: 2024-04-15T20:15:11.127
Modified: 2024-11-21T09:14:17.697
Link: CVE-2024-31990