REDHAT-BUG-2269376
First published: Wed Mar 13 2024(Updated: )
Currently argocd applies the label openshift.io/cluster-monitoring to all namespaces that deploy a ArgoCD CR instance. This then allows the namespace to create a rogue PrometheusRule that can then have adverse effects on the platform monitoring stack. As the label is applied the rule is rolled out cluster wide. This gives anyone who has argocd instances deployed a way to escalate out of their namespace isolation and affect the entire cluster.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ArgoCD |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2269376?
The severity of REDHAT-BUG-2269376 is considered critical due to its potential impact on the monitoring stack.
How do I fix REDHAT-BUG-2269376?
To fix REDHAT-BUG-2269376, ensure that the label openshift.io/cluster-monitoring is not applied indiscriminately to namespaces.
What systems are affected by REDHAT-BUG-2269376?
REDHAT-BUG-2269376 affects ArgoCD instances deployed on OpenShift platforms.
What are the potential risks of REDHAT-BUG-2269376?
The potential risks of REDHAT-BUG-2269376 include unauthorized modifications to monitoring rules that can disrupt platform monitoring.
When was REDHAT-BUG-2269376 reported?
REDHAT-BUG-2269376 was reported recently, highlighting a significant vulnerability in the deployment of ArgoCD.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-13484
- agent/severity
- agent/references
- agent/last-modified-date
- agent/type
- agent/description
- agent/first-publish-date
- agent/source
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/argocd
- canonical/argocd