CVE-2024-41666

The Argo CD web terminal session does not handle the revocation of user permissions properly.

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-18 CVE Reserved
2024-07-24 CVE Published
2024-08-12 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

References (5)

URL	Tag	Source
https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6	X_refsource_misc
https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4	X_refsource_misc
https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				>= 2.6.0 < 2.9.21 Search vendor "Argoproj" for product "Argo-cd" and version " >= 2.6.0 < 2.9.21"		en		Affected
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				>= 2.10.0 < 2.10.16 Search vendor "Argoproj" for product "Argo-cd" and version " >= 2.10.0 < 2.10.16"		en		Affected
Argoproj Search vendor "Argoproj"		Argo-cd Search vendor "Argoproj" for product "Argo-cd"				>= 2.11.0 < 2.11.7 Search vendor "Argoproj" for product "Argo-cd" and version " >= 2.11.0 < 2.11.7"		en		Affected