Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Argoproj
Argoproj argo Cd |
|
CPEs | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Argoproj
Argoproj argo Cd |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-06T15:33:29.843Z
Updated: 2024-08-02T03:50:55.946Z
Reserved: 2024-06-03T17:29:38.328Z
Link: CVE-2024-37152
Vulnrichment
Updated: 2024-08-02T03:50:55.946Z
NVD
Status : Modified
Published: 2024-06-06T16:15:13.190
Modified: 2024-11-21T09:23:18.570
Link: CVE-2024-37152
Redhat