Veracode Vulnerability DatabaseVERACODE:47444Cluster Name Enumeration
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
github.com/argoproj/argo-cd is vulnerable to Cluster Name Enumeration. This vulnerability is due to inadequate handling of error messages such as cluster names, allowing attackers to enumerate clusters and project names within project-scoped clusters.
References
github.com/argoproj/argo-cd/commit/4fad51f895a8c0f865ee15ee8f9e6c42e44f6494
github.com/argoproj/argo-cd/commit/c2647055c261a550e5da075793260f6524e65ad9
github.com/argoproj/argo-cd/commit/e01bb5303ae664d5af0dc1560ce0b2f819494c12
github.com/argoproj/argo-cd/commit/ec35043a64563e685abf6bbcb833ec880cc0ce39
github.com/argoproj/argo-cd/security/advisories/GHSA-3cqf-953p-h5cp
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%