ArgoCD Vulnerability Allows Creation of Rogue Monitoring Rules
CVE-2024-13484

8.2HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Gitops
Vendor: CVE Published:; 28 January 2025

Summary

A flaw exists in ArgoCD where the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD Custom Resource (CR) instance. This labeling enables potential malicious creation of a rogue PrometheusRule, which is then propagated across the entire cluster. Such an oversight could severely impact the integrity of the platform's monitoring stack, creating vulnerabilities in the overall security posture.

References

https://access.redhat.com/security/cve/CVE-2024-13484

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2269376

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 16, 2025