4.3

CVE-2024-36106

EPSS 0.64%
Veröffentlicht 06.06.2024 15:15:45
Zuletzt bearbeitet 21.11.2024 09:21:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Argoproj ≫ Argo Cd Version > 0.11.0 < 2.9.17

Argoproj ≫ Argo Cd Version >= 2.10.0 < 2.10.12

Argoproj ≫ Argo Cd Version >= 2.11.0 < 2.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.698

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://github.com/argoproj/argo-cd/commit/c2647055c261a550e5da075793260f6524e65ad9

Patch

https://github.com/argoproj/argo-cd/security/advisories/GHSA-3cqf-953p-h5cp

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-36106

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36106

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36106

EUVD