8.2

CVE-2024-13484

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/redhat-developer/gitops-operator
Package gitops-operator
Default Statusunaffected
Version < 1.13
Version 0
Status affected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.14
Default Statusaffected
Version < *
Version v1.14.4-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-1
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.15
Default Statusaffected
Version < *
Version v1.15.2-4
Status unaffected
VendorRed Hat
Product Red Hat OpenShift GitOps 1.16
Default Statusaffected
Version < *
Version sha256:4c56abf35c11af85501a8c4a2ec30b1f1efd28eee8af6d62e417846a40cde72e
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.141
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
secalert@redhat.com 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.