Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation argo-cd vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2022-29165
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user ...
Linuxfoundation Argo-cd
801
VMScore
CVE-2022-1025
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.
Linuxfoundation Argo-cd
605
VMScore
CVE-2022-31034
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently rando...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
578
VMScore
CVE-2022-24768
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting w...
Linuxfoundation Argo-cd
454
VMScore
CVE-2022-31105
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and before 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) Op...
Linuxfoundation Argo-cd
445
VMScore
CVE-2021-26923
An issue exists in Argo CD prior to 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.
Linuxfoundation Argo-cd
445
VMScore
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD prior to 1.8.4, tokens continue to work even when the user account is disabled.
Linuxfoundation Argo Continuous Delivery
383
VMScore
CVE-2022-31102
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and before 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an malicious user to inject arbitrary JavaScript in the `/auth/callback` page in a ...
Linuxfoundation Argo-cd
383
VMScore
CVE-2021-26924
An issue exists in Argo CD prior to 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.
Linuxfoundation Argo-cd
357
VMScore
CVE-2022-24348
Argo CD prior to 2.1.9 and 2.2.x prior to 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Linuxfoundation Argo-cd
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »