CVE-2024-41666 - Vulnerability Details

Link	Providers
https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing
https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476
https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6
https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4
https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw
https://nvd.nist.gov/vuln/detail/CVE-2024-41666
https://www.cve.org/CVERecord?id=CVE-2024-41666

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41666", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-18T15:21:47.484Z", "datePublished": "2024-07-24T17:16:37.730Z", "dateUpdated": "2024-08-12T21:02:57.505Z"}, "containers": {"cna": {"title": "The Argo CD web terminal session does not handle the revocation of user permissions properly.", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw"}, {"name": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476", "tags": ["x_refsource_MISC"], "url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476"}, {"name": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6", "tags": ["x_refsource_MISC"], "url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6"}, {"name": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4", "tags": ["x_refsource_MISC"], "url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4"}, {"name": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing", "tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing"}], "affected": [{"vendor": "argoproj", "product": "argo-cd", "versions": [{"version": ">= 2.6.0, < 2.9.21", "status": "affected"}, {"version": ">= 2.10.0, < 2.10.16", "status": "affected"}, {"version": ">= 2.11.0, < 2.11.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-24T17:16:37.730Z"}, "descriptions": [{"lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21."}], "source": {"advisory": "GHSA-v8wx-v5jq-qhhw", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "argoproj", "product": "argo-cd", "cpes": ["cpe:2.3:a:argoproj:argo-cd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.6.0", "status": "affected", "lessThan": "2.9.21", "versionType": "custom"}, {"version": "2.10.0", "status": "affected", "lessThan": "2.10.16", "versionType": "custom"}, {"version": "2.11.0", "status": "affected", "lessThan": "2.11.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T18:05:21.749595Z", "id": "CVE-2024-41666", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T21:02:57.505Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.923Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw"}, {"name": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476"}, {"name": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6"}, {"name": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4"}, {"name": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476", "name": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6", "name": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4", "name": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing", "name": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.923Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41666", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T18:05:21.749595Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:argoproj:argo-cd:*:*:*:*:*:*:*:*"], "vendor": "argoproj", "product": "argo-cd", "versions": [{"status": "affected", "version": "2.6.0", "lessThan": "2.9.21", "versionType": "custom"}, {"status": "affected", "version": "2.10.0", "lessThan": "2.10.16", "versionType": "custom"}, {"status": "affected", "version": "2.11.0", "lessThan": "2.11.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T18:07:31.640Z"}}], "cna": {"title": "The Argo CD web terminal session does not handle the revocation of user permissions properly.", "source": {"advisory": "GHSA-v8wx-v5jq-qhhw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "argoproj", "product": "argo-cd", "versions": [{"status": "affected", "version": ">= 2.6.0, < 2.9.21"}, {"status": "affected", "version": ">= 2.10.0, < 2.10.16"}, {"status": "affected", "version": ">= 2.11.0, < 2.11.7"}]}], "references": [{"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476", "name": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6", "name": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4", "name": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4", "tags": ["x_refsource_MISC"]}, {"url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing", "name": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-24T17:16:37.730Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41666", "state": "PUBLISHED", "dateUpdated": "2024-08-12T21:02:57.505Z", "dateReserved": "2024-07-18T15:21:47.484Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-24T17:16:37.730Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21."}, {"lang": "es", "value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. Argo CD tiene una terminal basada en web que permite a los usuarios obtener un shell dentro de un pod en ejecuci\u00f3n, tal como lo har\u00edan con kubectl exec. A partir de la versi\u00f3n 2.6.0, cuando el administrador habilita esta funci\u00f3n y otorga permiso al usuario `p, role:myrole, exec, create, */*, enable`, incluso si el usuario revoca este permiso, el usuario a\u00fan puede realizar operaciones en el contenedor, siempre y cuando el usuario mantenga abierta la vista del terminal durante mucho tiempo. Aunque la caducidad del token y la revocaci\u00f3n del usuario est\u00e1n arregladas, la soluci\u00f3n no aborda la situaci\u00f3n de revocaci\u00f3n de permisos \u00fanicamente del usuario `p, role:myrole, exec, create, */*, enable`, lo que a\u00fan puede conducir a la filtraci\u00f3n de informaci\u00f3n sensible. Se lanz\u00f3 un parche para esta vulnerabilidad en las versiones 2.11.7, 2.10.16 y 2.9.21 de Argo CD."}], "id": "CVE-2024-41666", "lastModified": "2024-11-21T09:32:56.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-07-24T18:15:05.090", "references": [{"source": "[email protected]", "url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing"}, {"source": "[email protected]", "url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476"}, {"source": "[email protected]", "url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6"}, {"source": "[email protected]", "url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4"}, {"source": "[email protected]", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "argocd: The Argo CD web terminal session does not handle the revocation of user permissions properly.", "id": "2299725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299725"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-269", "details": ["Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21.", "A vulnerability was found in ArgoCD's web-based terminal. This issue may allow a user to continue sending WebSocket messages and access sensitive information even after their p, role:myrole, exec, create, */*, and allow permissions are revoked. The terminal session remains active as long as it is kept open, enabling unauthorized operations within the container, allowing an attacker to maintain the terminal session to gain access and view sensitive data despite revoked permissions."], "name": "CVE-2024-41666", "package_state": [{"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-argocd-rhel9-container", "product_name": "Red Hat OpenShift GitOps"}], "public_date": "2024-07-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41666\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41666\nhttps://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing\nhttps://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476\nhttps://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6\nhttps://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4\nhttps://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object