Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20.

INFO

Published Date :

2024-07-22T17:22:55.732Z

Last Modified :

2024-08-02T04:33:11.910Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-40634 vulnerability.

Vendors Products
Argoproj
  • Argo-cd
  • Argo Cd
Redhat
  • Openshift Gitops
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-40634.

URL Resource
https://github.com/argoproj/argo-cd/commit/46c0c0b64deaab1ece70cb701030b76668ad0cdc cve-icon cve-icon
https://github.com/argoproj/argo-cd/commit/540e3a57b90eb3655db54793332fac86bcc38b36 cve-icon cve-icon
https://github.com/argoproj/argo-cd/commit/d881ee78949e23160a0b280bb159e4d3d625a4df cve-icon cve-icon
https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-40634 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-40634 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact