Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation argo-cd vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-31016
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must b...
Linuxfoundation Argo-cd
4
CVSSv2
CVE-2022-24904
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files fro...
Linuxfoundation Argo-cd
4
CVSSv2
CVE-2022-24730
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but prior to 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only reposi...
Linuxfoundation Argo-cd
Linuxfoundation Argo-cd 2.3.0
4
CVSSv2
CVE-2022-24731
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but prior to 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo ...
Linuxfoundation Argo-cd
Linuxfoundation Argo-cd 2.3.0
4
CVSSv2
CVE-2021-3557
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalation...
Linuxfoundation Argo-cd
Redhat Openshift Gitops 1.1
4
CVSSv2
CVE-2022-24348
Argo CD prior to 2.1.9 and 2.2.x prior to 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Linuxfoundation Argo-cd
3.5
CVSSv2
CVE-2022-31035
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script ...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
3.5
CVSSv2
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd prior to 1.7.13, from 1.8.0 and prior to 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
Linuxfoundation Argo Continuous Delivery
2.6
CVSSv2
CVE-2022-24905
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an malicious user to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to ex...
Linuxfoundation Argo-cd
2.1
CVSSv2
CVE-2021-23135
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows malicious user to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions before 1.8.7; 1.7 versions before 1.7.14.
Linuxfoundation Argo Continuous Delivery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »