CVE-2024-21652

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 18, 2024

CWE ID 307

Summary

CVE-2024-21652 is a critical vulnerability affecting Argo CD, a popular continuous delivery tool for Kubernetes, prior to versions 2.8.13, 2.9.9, and 2.10.4. An attacker can exploit a combination of a Denial of Service (DoS) flaw and in-memory data storage weakness to bypass the application's brute force login protection. This vulnerability not only allows an attacker to crash the service and disrupt all users, but also enables them to make unlimited login attempts, significantly increasing the risk of account compromise. The affected versions have been patched in 2.8.13, 2.9.9, and 2.10.4.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u76h3z
https://www.cve.org/CVERecord?id=CVE-2024-21652
https://nvd.nist.gov/vuln/detail/CVE-2024-21652

Back to Vulnerability Database

CVE-2024-21652

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations