8.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-13484

GHSA ID

GHSA-58fx-7v9q-3g56

EPSS Score

0.1112%

CWE

CWE-668

Published

1/28/2025

Updated

3/14/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-13484

CVE-2024-13484: OpenShift GitOps Operator Namespace Isolation Break

A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-13484

CVE-2024-13484:

8.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-13484

GHSA ID

GHSA-58fx-7v9q-3g56

EPSS Score

0.1112%

CWE

CWE-668

Published

1/28/2025

Updated

3/14/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/redhat-developer/gitops-operator	go	<= 1.15.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from automatic application of the 'openshift.io/cluster-monitoring' label to namespaces with ArgoCD CRs. In Kubernetes operator patterns:

The main Reconcile loop handles CR state management
Namespace labeling would occur during reconciliation
The CWE-668 mapping confirms this is a resource exposure issue While exact code isn't available, the operator's CR handling logic (ArgoCDReconciler) and any label-application helpers are the most probable locations based on:

Vulnerability description of automatic label propagation
Operator architecture conventions
Impact pattern matching reconciliation workflows

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-13484: OpenShift GitOps Operator Namespace Isolation Break

CVE-2024-13484:

8.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

8.3

8.3

CVE-2024-13484: OpenShift GitOps Operator Namespace Isolation Break

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI