Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation argo continuous delivery vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2022-29165
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user ...
Linuxfoundation Argo-cd
6.8
CVSSv2
CVE-2022-31034
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently rando...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
6.5
CVSSv2
CVE-2022-24768
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting w...
Linuxfoundation Argo-cd
6.5
CVSSv2
CVE-2020-8828
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are n...
Linuxfoundation Argo Continuous Delivery
5.1
CVSSv2
CVE-2022-31105
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and before 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) Op...
Linuxfoundation Argo-cd
5
CVSSv2
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD prior to 1.8.4, tokens continue to work even when the user account is disabled.
Linuxfoundation Argo Continuous Delivery
5
CVSSv2
CVE-2020-8826
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.
Linuxfoundation Argo Continuous Delivery
5
CVSSv2
CVE-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.
Linuxfoundation Argo Continuous Delivery
5
CVSSv2
CVE-2020-11576
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed malicious users to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
Linuxfoundation Argo Continuous Delivery 1.5.0
4.3
CVSSv2
CVE-2022-31102
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and before 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an malicious user to inject arbitrary JavaScript in the `/auth/callback` page in a ...
Linuxfoundation Argo-cd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »