CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-31989

Medium Severity
Argoproj
SVRS
30/100
CVSSv3
9.0/10
EPSS
0.02528/1

CVE-2024-31989 affects Argo CD, a GitOps continuous delivery tool for Kubernetes. This vulnerability allows an unprivileged pod in a separate namespace to connect to the Redis server, potentially leading to privilege escalation or information leakage. The relatively low SOCRadar Vulnerability Risk Score (SVRS) of 30, despite a CVSS score of 9, suggests that while inherently risky, active exploitation might be less widespread currently. However, with available exploits in the wild, the risk should not be ignored. Failure to implement strict access controls on the Redis instance can expose sensitive data and grant unauthorized control over the cluster. Immediate action is recommended for organizations not running versions 2.8.19, 2.9.15, or 2.10.10, focusing on network policies for their Redis servers. Patching to the latest versions and implementing appropriate network security are crucial for mitigating this risk. This issue highlights the importance of securing internal services, even within a Kubernetes cluster.

TAGS
In The Wild
Exploit Avaliable
VECTOR STRING
CVSS:3.1
AV:A
AC:L
PR:L
UI:N
S:C
C:H
I:H
A:H
PUBLICATION DATE2024-05-21
LAST MODIFIED2025-01-09
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-31989 affects Argo CD, a continuous delivery tool for Kubernetes. It allows unprivileged pods in different namespaces to connect to the Redis server on port 6379, potentially leading to privilege escalation or information leakage. The SVRS of 48 indicates a moderate risk, requiring attention and appropriate mitigation measures.

Key Insights

  • Privilege Escalation Risk: This vulnerability could allow attackers to escalate privileges to the level of cluster controller, gaining significant control over the Kubernetes cluster.
  • Information Leakage: Attackers could exploit this vulnerability to access sensitive information stored in the Redis server, such as secrets or configuration data.
  • Wide Impact: This vulnerability affects all Argo CD users who have not implemented strict access controls on their Redis instance.
  • Active Exploits: There are no known active exploits for this vulnerability at this time.

Mitigation Strategies

  • Update Argo CD: Upgrade to Argo CD version 2.8.19, 2.9.15, or 2.10.10, which includes the patch for this vulnerability.
  • Enforce Network Policies: Ensure that network policies are enforced on the EKS cluster to restrict access to the Redis server.
  • Implement Access Controls: Implement strict access controls on the Redis instance to prevent unauthorized access.
  • Monitor for Suspicious Activity: Monitor the Kubernetes cluster for any suspicious activity that could indicate exploitation of this vulnerability.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: No active exploits have been published for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: This vulnerability is not known to be actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
vt0x78/CVE-2024-31989https://github.com/vt0x78/CVE-2024-319892024-07-17
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-31989 | argo-cd prior 2.8.19/2.9.15/2.10.10 Redis Server risky encryption (GHSA-9766-5277-j5hr)
vuldb.com2025-01-10
CVE-2024-31989 | argo-cd prior 2.8.19/2.9.15/2.10.10 Redis Server risky encryption (GHSA-9766-5277-j5hr) | A vulnerability was found in argo-cd and classified as problematic. This issue affects some unknown processing of the component Redis Server. The manipulation leads to risky cryptographic algorithm. The identification of this vulnerability is CVE-2024-31989. The attack needs to be done within the local network
vuldb.com
rss
forum
news
Red Hat Security Advisory 2024-3475-03
2024-05-30
Red Hat Security Advisory 2024-3475-03 | Red Hat Security Advisory 2024-3475-03 - An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
packetstormsecurity.com
rss
forum
news
Red Hat Security Advisory 2024-3368-03
2024-05-28
Red Hat Security Advisory 2024-3368-03 | Red Hat Security Advisory 2024-3368-03 - An update is now available for Red Hat OpenShift GitOps v1.12.3 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
cve-2024-31989
cves
red hat
security
Red Hat Security Advisory 2024-3369-03
2024-05-28
Red Hat Security Advisory 2024-3369-03 | Red Hat Security Advisory 2024-3369-03 - An update is now available for Red Hat OpenShift GitOps v1.10.6 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
cve-2024-31989
cves
red hat
security

Social Media

CVE-2024-31989: Critical Argo CD Flaw Exposes Kubernetes Clusters to Takeover Argo CD, a popular GitOps continuous delivery tool for Kubernetes, has disclosed a critical #security vulnerability (CVE-2024-31989, CVSS 9.1) that could allow attackers to seize control of #Kubernetes…
1
0
0
CVE-2024-31989 (CVSS:9.0, CRITICAL) is Awaiting Analysis. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged po..https://t.co/1jl9gJebDx #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
0
0
0
CVE-2024-31989 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster… https://t.co/zmThADMVEL
0
0
0
CVE-2024-31989: Critical Argo CD Flaw Exposes Kubernetes Clusters to Takeover https://t.co/RjyS22cd1c
0
0
0
#Vulnerability #ArgoCD CVE-2024-31989: Critical Argo CD Flaw Exposes Kubernetes Clusters to Takeover https://t.co/fKOZ54XpyT
0
0
0
CVE-2024-31989: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache https://t.co/PaoNzUIpik
0
0
0
CVE-2024-31989 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis serv... https://t.co/xYFSPmKpjY
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppArgoprojargo_cd

References

ReferenceLink
[email protected]https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d
[email protected]https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678
[email protected]https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c
[email protected]https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff
[email protected]https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12
[email protected]https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07
[email protected]https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994
[email protected]https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0
[email protected]https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr
[email protected]https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d
[email protected]https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678
[email protected]https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c
[email protected]https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff
[email protected]https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12
[email protected]https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07
[email protected]https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994
[email protected]https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0
[email protected]https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr
GITHUBhttps://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr

CWE Details

CWE IDCWE NameDescription
CWE-327Use of a Broken or Risky Cryptographic AlgorithmThe use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence