Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-06T15:09:36.474Z
Updated: 2024-06-06T15:09:36.474Z
Reserved: 2024-05-20T21:07:48.186Z
Link: CVE-2024-36106
NVD Information
Status: Awaiting Analysis
Published: 2024-06-06T15:15:45.023
Modified: 2024-06-07T14:56:05.647
Link: CVE-2024-36106