2 matches found
CVE-2024-37152
A flaw was found in Argo-CD. There is an issue with unauthenticated information disclosure of settings data through an exposed API endpoint at /api/v1/settings...
CVE-2024-37152
Argo CD exposes sensitive settings via /api/v1/settings without authentication, enabling unauthenticated access to items such as passwordPattern. The issue is fixed in versions 2.11.3, 2.10.12, and 2.9.17. Affected product: Argo CD (Kubernetes GitOps tool). Root cause described across sources as ...