9.6

CVE-2026-43824

Medienbericht
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat OpenShift GitOps
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Openshift Data Foundation 4
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@mitre.org 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 9.6 3.1 5.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.05.2026 17:45
https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3
https://access.redhat.com/security/cve/CVE-2026-43824
https://bugzilla.redhat.com/show_bug.cgi?id=2464613
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43824.json