SB2024041578 - Improper access control in Argo CD

Published: April 15, 2024 Updated: May 2, 2026

Security Bulletin ID: SB2024041578
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2024-31990)

The vulnerability allows a remote user to modify application resources outside intended project source namespace restrictions.

The vulnerability exists due to improper access control in the Argo CD API server when handling application updates and UI operations for an invalid Application, that is, one that no longer satisfies the restrictions of the project it is assigned to. A remote user can change an Application's project assignment and then use the UI to edit one of its resources, thereby modifying application resources outside the project's intended source namespace restrictions.

Exploitation requires an Application to be created in one project and later reassigned to another project through kubectl or GitOps-managed changes.
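The precondition above (an Application that has been moved into a project whose source-namespace restrictions do not cover the namespace the Application lives in) is something an operator can inventory ahead of patching. The script below is an added example, not code from the bulletin or from the Argo CD project. It assumes the apps-in-any-namespace rule that an Application may reside in the control-plane namespace (assumed here to be "argocd") or in a namespace matching one of its AppProject's spec.sourceNamespaces glob patterns, and that an Application with no project set falls back to the "default" project; the manifests are constructed dicts standing in for parsed YAML. It reports Applications that are out of scope for their project and does not replace the vendor update.

```python
"""Inventory check: flag Argo CD Applications living outside the namespaces
their AppProject permits as source namespaces.

Added example, not from the bulletin or the Argo CD project. Assumptions:
the control-plane namespace is "argocd", sourceNamespaces entries are glob
patterns, and an unset spec.project means the "default" project."""
from fnmatch import fnmatchcase

CONTROL_PLANE_NS = "argocd"  # assumption: default Argo CD install namespace

# Constructed sample manifests (dicts standing in for parsed YAML).
PROJECTS = [
    {"metadata": {"name": "team-a"},
     "spec": {"sourceNamespaces": ["team-a-*"]}},
    {"metadata": {"name": "team-b"},
     "spec": {"sourceNamespaces": ["team-b"]}},
]
APPLICATIONS = [
    {"metadata": {"name": "web", "namespace": "team-a-dev"},
     "spec": {"project": "team-a"}},
    # reassigned to team-b while still living in a team-a namespace
    {"metadata": {"name": "api", "namespace": "team-a-dev"},
     "spec": {"project": "team-b"}},
    # control-plane namespace is always allowed
    {"metadata": {"name": "ops", "namespace": "argocd"},
     "spec": {"project": "team-b"}},
    # points at a project that does not exist at all
    {"metadata": {"name": "orphan", "namespace": "team-c"},
     "spec": {"project": "missing"}},
]


def allowed_namespaces(projects):
    """Map project name -> list of permitted source-namespace globs."""
    return {p["metadata"]["name"]: list(p["spec"].get("sourceNamespaces", []))
            for p in projects}


def namespace_permitted(ns, patterns):
    """True if ns is the control-plane namespace or matches a project glob."""
    if ns == CONTROL_PLANE_NS:
        return True
    return any(fnmatchcase(ns, pat) for pat in patterns)


def find_out_of_scope(applications, projects):
    """Return (app, namespace, project, reason) for every Application whose
    namespace is not covered by its project's source-namespace restriction."""
    allowed = allowed_namespaces(projects)
    findings = []
    for app in applications:
        name = app["metadata"]["name"]
        ns = app["metadata"].get("namespace", CONTROL_PLANE_NS)
        project = app["spec"].get("project") or "default"  # assumption
        if project not in allowed:
            findings.append((name, ns, project, "project does not exist"))
        elif not namespace_permitted(ns, allowed[project]):
            findings.append((name, ns, project,
                             "namespace not in project sourceNamespaces"))
    return findings


if __name__ == "__main__":
    for name, ns, project, reason in find_out_of_scope(APPLICATIONS, PROJECTS):
        print("%s/%s -> project %s: %s" % (ns, name, project, reason))
```

On a live cluster the same functions can be fed the output of `kubectl get appprojects,applications -A -o json` after parsing the item lists; any hit is an Application whose project assignment and namespace disagree and which should be corrected alongside installing the vendor update.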


Remediation

Install the update from the vendor's website.