CVE-2024-37152

CVSS V2 None CVSS V3 None

Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.

Overview

CVE ID
CVE-2024-37152

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-06-06T15:33:29.843Z

Last Modified Date
2024-06-10T13:59:44.786Z

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html
CWE-306	http://cwe.mitre.org/data/definitions/306.html

References

Reference URL	Reference Tags
https://github.com/argoproj/argo-cd/security/advisories/GHSA-87p9-x75h-p4j2	x_refsource_CONFIRM
https://github.com/argoproj/argo-cd/commit/256d90178b11b04bc8174d08d7b663a2a7b1771b	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-37152
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37152

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 01:20:54				Added to TrackCVE