PT-2024-2260 · Argo CD

Nadava669 · Published 2024-03-18 · Updated 2025-01-09 · CVE-2024-21662

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Argo CD versions prior to 2.8.13
Argo CD versions prior to 2.9.9
Argo CD versions prior to 2.10.4

Description

The issue lies in the caching mechanism of Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. An attacker can exploit the application's weak cache-based mechanism to bypass its rate limit and brute-force protections. The cache that tracks login attempts per user is limited to a defaultMaxCacheSize of 1000 entries; flooding it with login attempts for many different users overflows it and evicts the entry for the admin account. This effectively resets the rate limit for the admin account, allowing an attacker to perform brute-force attacks at an accelerated rate.

Recommendations

For versions prior to 2.8.13, upgrade to version 2.8.13 or later to receive a patch. For versions prior to 2.9.9, upgrade to version 2.9.9 or later to receive a patch. For versions prior to 2.10.4, upgrade to version 2.10.4 or later to receive a patch. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.
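The eviction behaviour described above, modelled as an added example (constructed for this entry, not Argo CD's code): a bounded cache of failed-login counters whose oldest entry is evicted when the 1000-entry limit is reached, so a flood of distinct usernames removes the locked admin entry. The `keepLocked` flag and the threshold of 5 failures are assumptions of this example; the hardened variant simply never evicts an entry that is still locked, which is one possible mitigation and not necessarily the upstream fix.

```go
package main

import "strconv"

// Constructed model of a bounded failed-login cache (not Argo CD's code).
const maxCacheSize = 1000 // defaultMaxCacheSize cited in the advisory
const maxFailures = 5     // assumed lockout threshold; time-based expiry omitted
type entry struct{ count, last int } // last: sequence number of the latest failure

// Tracker keeps one entry per username and evicts the least recently failed one
// when full; with keepLocked set, locked entries are never evicted (assumed hardening).
type Tracker struct {
	entries    map[string]*entry
	keepLocked bool
	seq        int
}

func (t *Tracker) RecordFailure(user string) {
	t.seq++
	if e, ok := t.entries[user]; ok {
		e.count, e.last = e.count+1, t.seq
		return
	}
	if len(t.entries) >= maxCacheSize {
		victim := ""
		for u, e := range t.entries {
			keep := t.keepLocked && e.count >= maxFailures // hardened: locked stays
			if !keep && (victim == "" || e.last < t.entries[victim].last) {
				victim = u
			}
		}
		if victim == "" {
			return // every entry is locked: refuse to admit a new one
		}
		delete(t.entries, victim) // weak: this may be the locked admin entry
	}
	t.entries[user] = &entry{count: 1, last: t.seq}
}

// AdminLockoutSurvives locks "admin", floods the cache with maxCacheSize other usernames, and reports whether admin is still locked.
func AdminLockoutSurvives(keepLocked bool) bool {
	t := &Tracker{entries: map[string]*entry{}, keepLocked: keepLocked}
	for i := 0; i < maxFailures; i++ {
		t.RecordFailure("admin")
	}
	for i := 0; i < maxCacheSize; i++ {
		t.RecordFailure("user" + strconv.Itoa(i))
	}
	return t.entries["admin"] != nil && t.entries["admin"].count >= maxFailures
}
```

With the weak policy the admin counter is gone after the flood (the function returns false); with `keepLocked` it survives (true), at the cost that new usernames are not tracked while every slot is locked.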


Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2024-02193
BIT-ARGO-CD-2024-21652
BIT-ARGO-CD-2024-21662
CVE-2024-21662
GHSA-2VGG-9H6W-M454
GHSA-X32M-MVFJ-52XV
GO-2024-2652
RHSA-2024:1752

Affected Products

Argo CD