Moderate severity · NVD Advisory · Published Apr 15, 2024 · Updated Aug 2, 2024

Argo CD's API server does not enforce project sourceNamespaces

CVE-2024-31990

Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces, which allows attackers to use the UI to edit resources that should only be mutable via GitOps. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| github.com/argoproj/argo-cd/v2 (Go) | >= 2.4.0, < 2.8.16 | 2.8.16 |
| github.com/argoproj/argo-cd/v2 (Go) | >= 2.9.0, < 2.9.12 | 2.9.12 |
| github.com/argoproj/argo-cd/v2 (Go) | >= 2.10.0, < 2.10.7 | 2.10.7 |
