Lucene search
Veracode Vulnerability DatabaseVERACODE:47437HistoryJun 10, 2024 - 6:09 a.m.
Improper Authorization
2024-06-1006:09:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
github
argo-cd
setting
authentication
endpoint
vulnerability
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7
Confidence
High
EPSS
0.206
Percentile
96.5%
github.com/argoproj/argo-cd/ is vulnerable to Improper Authorization. The vulnerability is caused by the exposure of the passwordPattern setting through the /api/v1/settings endpoint without authentication.
Related
nvd
nvd
CVE-2024-37152
2024-06-06 16:15:13
osv
osv
Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
2024-06-14 13:41:08
BIT-argo-cd-2024-37152
2024-06-08 07:16:04
Unauthenticated Access to sensitive settings in Argo CD
2024-06-06 21:27:43
cvelist
cvelist
CVE-2024-37152 Unauthenticated Access to sensitive settings in Argo CD
2024-06-06 15:33:29
vulnrichment
vulnrichment
CVE-2024-37152 Unauthenticated Access to sensitive settings in Argo CD
2024-06-06 15:33:29
nuclei
nuclei
Argo CD Unauthenticated Access to sensitive setting
2024-06-26 12:54:12
cve
cve
CVE-2024-37152
2024-06-06 16:15:13
github
github
Unauthenticated Access to sensitive settings in Argo CD
2024-06-06 21:27:43
redhatcve
redhatcve
CVE-2024-37152
2024-06-14 03:12:25
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7
Confidence
High
EPSS
0.206
Percentile
96.5%
Related for VERACODE:47437