Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation argo-cd vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-24768
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting w...
Linuxfoundation Argo-cd
4
CVSSv2
CVE-2022-24904
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files fro...
Linuxfoundation Argo-cd
NA
CVE-2023-23947
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and before 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluste...
Linuxfoundation Argo-cd
4
CVSSv2
CVE-2021-3557
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalation...
Linuxfoundation Argo-cd
Redhat Openshift Gitops 1.1
3.5
CVSSv2
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd prior to 1.7.13, from 1.8.0 and prior to 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
Linuxfoundation Argo Continuous Delivery
2.1
CVSSv2
CVE-2021-23135
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows malicious user to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions before 1.8.7; 1.7 versions before 1.7.14.
Linuxfoundation Argo Continuous Delivery
5
CVSSv2
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD prior to 1.8.4, tokens continue to work even when the user account is disabled.
Linuxfoundation Argo Continuous Delivery
NA
CVE-2023-25163
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logge...
Linuxfoundation Argo Continuous Delivery 2.6.0
NA
CVE-2023-40029
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 int...
Linuxfoundation Argo Continuous Delivery
NA
CVE-2023-40584
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file w...
Linuxfoundation Argo Continuous Delivery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3