CVE-2024-21661

Summary

CVE-2024-21661 is a critical Denial of Service (DoS) vulnerability affecting Argo CD, a popular Kubernetes continuous delivery tool, prior to versions 2.8.13, 2.9.9, and 2.10.4. The issue arises due to an unsafe manipulation of an array in a multi-threaded environment, leading to application crashes and rendering the service inoperable for all users. This vulnerability is significant as it does not require authentication, expanding the potential attacker pool. Two threads interacting with the same array concurrently within Argo CD's codebase cause the application to crash, leading to a continuous DoS attack, preventing legitimate users from accessing the service. Versions 2.8.13, 2.9.9, and 2.10.4 include patches to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.