CVE-2024-21652: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

March 18, 2024

An attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application’s brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of all user accounts.

References

github.com/advisories/GHSA-x32m-mvfj-52xv
github.com/argoproj/argo-cd
github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv
nvd.nist.gov/vuln/detail/CVE-2024-21652

Detect and mitigate CVE-2024-21652 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →