CVE-2024-13484

Feb. 12, 2025, 5:15 p.m.

8.2
High

Description

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.

Product(s) Impacted

Product Versions
ArgoCD

Weaknesses

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

https://access.redhat.com/security/cve/CVE-2024-13484
https://bugzilla.redhat.com/show_bug.cgi?id=2269376

Tags

secalert@redhat.com
CWE-668
2025-01-28
CVE-2024-13484

CVSS Score

8.2 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Date

  • Published: Jan. 28, 2025, 6:15 p.m.
  • Last Modified: Feb. 12, 2025, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.