9.6
CVE-2026-43824
- EPSS 0.23%
- Veröffentlicht 02.05.2026 01:20:33
- Zuletzt bearbeitet 30.06.2026 03:19:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift GitOps
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Openshift Data Foundation 4
Default Statusunaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.13 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 9.6 | 3.1 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
|
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3
https://access.redhat.com/security/cve/CVE-2026-43824
https://bugzilla.redhat.com/show_bug.cgi?id=2464613
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43824.json