8.2

CVE-2024-13484

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/redhat-developer/gitops-operator
Paket gitops-operator
Default Statusunaffected
Version < 1.13
Version 0
Status affected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-1
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps 1.16
Default Statusaffected
Version < *
Version sha256:81ea9837bfd653a2e965e7d545afede7d4bee6bf9cc658b7c81aceb6ee097b05
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.179
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.