VYPR
Moderate severity · NVD Advisory · Published Jun 6, 2024 · Updated Aug 2, 2024

Unauthenticated Access to sensitive settings in Argo CD

CVE-2024-37152

Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by the /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/argoproj/argo-cd/v2/server (Go) | >= 2.9.3, < 2.9.17 | 2.9.17
github.com/argoproj/argo-cd/v2/server (Go) | >= 2.10.0, < 2.10.12 | 2.10.12
github.com/argoproj/argo-cd/v2/server (Go) | >= 2.11.0, < 2.11.3 | 2.11.3
