QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-13484

Back to search

CVE-2024-13484

Published: Jan 28, 2025

Modified: Feb 25, 2026

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.

VendorProductVersions

Unknown

gitops-operator

affected
0 - < 1.13

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.14

unaffected
v1.14.4-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-1 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.15

unaffected
v1.15.2-4 - < *

Red Hat

Red Hat OpenShift GitOps 1.16

unaffected
sha256:4c56abf35c11af85501a8c4a2ec30b1f1efd28eee8af6d62e417846a40cde72e - < *

Weaknesses (CWE)

CWE-668

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

RHSA-2025:7753
vendor-advisory
x_refsource_REDHAT
RHSA-2025:8274
vendor-advisory
x_refsource_REDHAT
RHSA-2025:9506
vendor-advisory
x_refsource_REDHAT
RHBZ#2269376
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now