How severe is CVE-2024-21652?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-21652?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2024-21652 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.

Related Vulnerabilities

CVE-1999-1324

CRITICAL

CVSS:9.8(Critical)

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which ma...

CWE-3071999

CVE-2001-0395

CRITICAL

CVSS:9.8(Critical)

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

CWE-3072001

CVE-2001-1291

CRITICAL

CVSS:9.8(Critical)

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the serv...

CWE-3072001

CVE-2001-1339

CRITICAL

CVSS:9.8(Critical)

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password gue...

CWE-3072001

CVE-2013-4441

CRITICAL

CVSS:9.8(Critical)

The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CWE-3072013

CVE-2016-9124

CRITICAL

CVSS:9.8(Critical)

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown f...

CWE-3072016