{"vulnerability": "cve-2024-41666", "sightings": [{"uuid": "7e1010df-b235-4c8a-83cd-2326fdcb204e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41666", "type": "seen", "source": "https://t.me/cvedetector/1582", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41666 - \"Argo CD Web Terminal Persistent Authority Escalation\"\", \n  \"Content\": \"CVE ID : CVE-2024-41666 \nPublished : July 24, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T20:49:54.000000Z"}, {"uuid": "b020aec4-62eb-4c46-808b-d0131d117f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-41666", "type": "published-proof-of-concept", "source": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw", "content": "", "creation_timestamp": "2024-07-24T10:49:21.000000Z"}]}