Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation argo-cd vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2022-1025
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.
Linuxfoundation Argo-cd
NA
CVE-2023-40026
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm prior to 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the s...
Linuxfoundation Argo-cd
356
VMScore
CVE-2022-24904
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files fro...
Linuxfoundation Argo-cd
231
VMScore
CVE-2022-24905
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an malicious user to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to ex...
Linuxfoundation Argo-cd
445
VMScore
CVE-2021-26923
An issue exists in Argo CD prior to 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.
Linuxfoundation Argo-cd
383
VMScore
CVE-2021-26924
An issue exists in Argo CD prior to 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.
Linuxfoundation Argo-cd
356
VMScore
CVE-2022-31016
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must b...
Linuxfoundation Argo-cd
NA
CVE-2022-41354
An access control issue in Argo CD v2.4.12 and below allows unauthenticated malicious users to enumerate existing applications.
Linuxfoundation Argo-cd
383
VMScore
CVE-2022-31102
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and before 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an malicious user to inject arbitrary JavaScript in the `/auth/callback` page in a ...
Linuxfoundation Argo-cd
454
VMScore
CVE-2022-31105
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and before 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) Op...
Linuxfoundation Argo-cd
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »