nuclei-templates/http/cves/2024/CVE-2024-37152.yaml at 5dcf0a6f2d6d2256495722d77a1525b937d12a40 · n3integration/nuclei-templates · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
id: CVE-2024-37152

info:
  name: Argo CD Unauthenticated Access to sensitive setting
  author: DhiyaneshDk
  severity: medium
  description: |
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern.
  impact: |
    Unauthenticated attackers can access sensitive password patterns and application settings exposed by the /api/v1/settings endpoint.
  remediation: |
    Update Argo CD to a version that patches CVE-2024-37152.
  reference:
    - https://github.com/argoproj/argo-cd/security/advisories/GHSA-87p9-x75h-p4j2
    - https://nvd.nist.gov/vuln/detail/CVE-2024-37152
  classification:
    cve-id: CVE-2024-37152
    cwe-id: CWE-306
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    epss-score: 0.74253
    epss-percentile: 0.98815
    cpe: cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: argoproj
    product: argo_cd
    shodan-query: html:"Argo CD"
  tags: cve,cve2024,argo-cd,info-leak,vuln

http:
  - raw:
      - |
        GET /api/v1/settings HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"passwordPattern":'
          - '"appLabelKey":'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200