{"vulnerability": "CVE-2024-13484", "sightings": [{"uuid": "98255d48-5e8e-4d04-83d5-fbae7d00db4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13484", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgt2rpizkh2c", "content": "", "creation_timestamp": "2025-01-28T18:16:00.615799Z"}, {"uuid": "311f69be-8f0b-4ae8-849a-444646fa6277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13484", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113907945349376508", "content": "", "creation_timestamp": "2025-01-28T20:49:39.646297Z"}, {"uuid": "816f9201-da9e-4a9d-b72a-32e9604f7fca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13484", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113907275874599319", "content": "", "creation_timestamp": "2025-01-28T17:58:16.228789Z"}, {"uuid": "59072da5-8808-4a32-b961-4849b91bf2de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13484", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3284", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13484\n\ud83d\udd25 CVSS Score: 8.3 (CVSS_V3)\n\ud83d\udd39 Description: A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.\n\ud83d\udccf Published: 2025-01-28T18:31:28Z\n\ud83d\udccf Modified: 2025-01-28T20:40:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13484\n2. https://access.redhat.com/security/cve/CVE-2024-13484\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2269376\n4. https://github.com/argoproj/argo-cd", "creation_timestamp": "2025-01-28T21:09:42.000000Z"}, {"uuid": "3d968787-10ec-4232-92aa-1ec0d5b774f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13484", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16508", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13484\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.\n\ud83d\udccf Published: 2025-01-28T17:54:28.701Z\n\ud83d\udccf Modified: 2025-05-15T14:26:51.752Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-13484\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2269376", "creation_timestamp": "2025-05-15T14:35:06.000000Z"}, {"uuid": "59ce2e4d-2827-42b7-8b2d-5535a594abc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13484", "type": "seen", "source": "https://t.me/cvedetector/16626", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13484 - ArgoCD Cluster-Wide PrometheusRule Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13484 \nPublished : Jan. 28, 2025, 6:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T21:17:56.000000Z"}]}