cbcvebase.
CVE-2024-41666
published 2024-07-24

CVE-2024-41666: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running…

PriorityP337medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.69%
48.0th percentile
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21.

Affected

9 ranges
VendorProductVersion rangeFixed in
argoprojargo-cd
argoprojargo-cd
argoprojargo-cd
argoprojargo_cd>= 2.10.0 < 2.10.162.10.16
argoprojargo_cd>= 2.11.0 < 2.11.72.11.7
argoprojargo_cd>= 2.6.0 < 2.9.212.9.21
github.comargoproj_argo-cd_v2>= 2.10.0 < 2.10.162.10.16
github.comargoproj_argo-cd_v2>= 2.11.0 < 2.11.72.11.7
github.comargoproj_argo-cd_v2>= 2.6.0 < 2.9.212.9.21

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ghsa7.1HIGH
osv7.1HIGH
vendor_redhat4.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.