Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.

INFO

Published Date :

2024-06-06T15:09:36.474Z

Last Modified :

2024-09-03T15:39:17.996Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36106 vulnerability.

Vendors Products
Argoproj
  • Argo Cd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36106.

URL Resource
https://github.com/argoproj/argo-cd/commit/c2647055c261a550e5da075793260f6524e65ad9 cve-icon cve-icon cve-icon
https://github.com/argoproj/argo-cd/security/advisories/GHSA-3cqf-953p-h5cp cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36106 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36106 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact