CVE-2024-36106

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36106
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36106.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36106
Aliases
Published
2024-06-06T15:09:36Z
Modified
2025-11-11T03:03:37.632007Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Argo CD allows authenticated users to enumerate clusters by name
Details

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.

Database specific
{
    "cwe_ids": [
        "CWE-209"
    ]
}
References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type
GIT
Repo
https://github.com/argoproj/argo-cd
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.10.0"
        },
        {
            "fixed": "2.10.12"
        }
    ]
}
Type
GIT
Repo
https://github.com/argoproj/argo-cd
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.11.0"
        },
        {
            "fixed": "2.11.3"
        }
    ]
}

Affected versions

v2.*

v2.10.0
v2.10.1
v2.10.10
v2.10.11
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.11.0
v2.11.1
v2.11.2