CVE-2024-13484

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-668
View all →

Vulnerability Description

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.

Related Vulnerabilities

CVE-2019-8308

HIGH
CVSS:8.2(High)

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

CWE-6682019

CVE-2024-35199

HIGH
CVSS:8.2(High)

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost...

CWE-6682024

CVE-2018-1840

HIGH
CVSS:8.1(High)

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other th...

CWE-6682018

CVE-2019-16387

HIGH
CVSS:8.1(High)

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actio...

CWE-6682019

CVE-2020-25039

HIGH
CVSS:8.1(High)

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

CWE-6682020

CVE-2020-5386

HIGH
CVSS:8.1(High)

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running ser...

CWE-6682020