PT-2025-2188 · Argo Cd+2

Patrick Del Bello · Published 2025-01-28 · Updated 2025-06-24 · CVE-2024-13484

CVSS v3.1: 8.2 High

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

openshift-gitops-operator-container (affected versions not specified)
ArgoCD (affected versions not specified)

Description

A flaw was found in the software, allowing a namespace to create a rogue PrometheusRule when the openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.

Recommendations

For openshift-gitops-operator-container, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ArgoCD, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2024-13484
GHSA-58FX-7V9Q-3G56
GO-2025-3427
OPENSUSE-SU-2025:14728-1
OPENSUSE-SU-2025_0429-1
SUSE-SU-2025:0429-1

Affected Products

Argo Cd
Suse
Openshift-Gitops-Operator-Container