CVE-2024-13484

{"id": "CVE-2024-13484", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2025-01-28T18:15:32.537", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-13484", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269376", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en ArgoCD. La etiqueta openshift.io/cluster-monitoring se aplica a todos los espacios de nombres que implementan una instancia CR de ArgoCD, lo que permite que el espacio de nombres cree una PrometheusRule no autorizada. Este problema puede tener efectos adversos en la pila de monitoreo de la plataforma, ya que la regla se implementa en todo el cl\u00faster cuando se aplica la etiqueta."}], "lastModified": "2025-02-12T17:15:23.177", "sourceIdentifier": "secalert@redhat.com"}