Platform
go
Component
github.com/argoproj/argo-cd
Fixed in
2.6.1
2.10.1
2.11.1
2.9.21
CVE-2024-41666 describes a vulnerability in Argo CD, specifically concerning the handling of user permission revocation within the web terminal session. This flaw could allow an attacker to maintain access even after permissions have been revoked, leading to potential unauthorized actions. The vulnerability affects versions prior to 2.9.21, and a fix is available in version 2.9.21.
The core impact of CVE-2024-41666 lies in the potential for persistent unauthorized access. If a user's permissions are revoked within Argo CD, the web terminal session might not reflect this change immediately. An attacker who has already established a session could continue to operate with elevated privileges, potentially accessing sensitive data, modifying configurations, or executing malicious commands. The blast radius depends on the privileges the attacker maintains after the revocation failure; it could range from limited access to critical infrastructure if the user had broad administrative rights. While no immediate exploitation patterns are apparent, the lack of proper revocation handling creates a significant security risk.
CVE-2024-41666 was publicly disclosed on August 6, 2024. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability's severity is rated as medium, suggesting a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog. Active campaigns targeting this vulnerability are not currently known.
Exploit Status
EPSS
0.10% (29% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-41666 is to upgrade Argo CD to version 2.9.21 or later. This version includes the necessary fix to ensure proper handling of user permission revocations. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as regularly terminating user sessions and enforcing strict access controls. Monitoring Argo CD logs for unusual activity related to user authentication and authorization can also help detect potential exploitation attempts. After upgrading, confirm proper permission revocation by revoking a user's access and verifying that their web terminal session is immediately terminated.
Actualice Argo CD a la versión 2.11.7, 2.10.16 o 2.9.21, o superior. Estas versiones contienen la corrección para la vulnerabilidad de permisos en el terminal web. La actualización evitará que los usuarios mantengan privilegios revocados si mantienen la sesión del terminal abierta.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-41666 is a medium severity vulnerability in Argo CD versions before 2.9.21. It involves improper handling of user permission revocations in the web terminal, potentially allowing unauthorized access.
You are affected if you are running Argo CD versions prior to 2.9.21. Upgrade to the latest version to address this vulnerability.
Upgrade Argo CD to version 2.9.21 or later. This version includes the fix for the permission revocation issue.
As of now, there are no confirmed reports of active exploitation, but the vulnerability presents a potential risk.
Refer to the Argo CD release notes and security advisories on the Argo CD website for official information regarding CVE-2024-41666.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.