Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-06T15:33:29.843Z
Updated: 2024-06-10T13:59:44.786Z
Reserved: 2024-06-03T17:29:38.328Z
Link: CVE-2024-37152
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-06-06T16:15:13.190
Modified: 2024-06-07T14:56:05.647
Link: CVE-2024-37152
JSON object: View
Redhat Information
No data.