Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation argo-cd vulnerabilities and exploits
(subscribe to this query)
8.3
CVSSv3
CVE-2024-22424
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same pare...
Linuxfoundation Argo-cd
Linuxfoundation Argo-cd 2.10.0
4.3
CVSSv3
CVE-2023-40026
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm prior to 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the s...
Linuxfoundation Argo-cd
6.5
CVSSv3
CVE-2023-40584
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file w...
Linuxfoundation Argo Continuous Delivery
9.6
CVSSv3
CVE-2023-40029
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 int...
Linuxfoundation Argo Continuous Delivery
7.1
CVSSv3
CVE-2023-40025
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The...
Linuxfoundation Argo-cd 2.8.0
Linuxfoundation Argo-cd 2.7.11
Linuxfoundation Argo-cd
4.3
CVSSv3
CVE-2022-41354
An access control issue in Argo CD v2.4.12 and below allows unauthenticated malicious users to enumerate existing applications.
Linuxfoundation Argo-cd
8.5
CVSSv3
CVE-2023-23947
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and before 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluste...
Linuxfoundation Argo-cd
6.5
CVSSv3
CVE-2023-25163
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logge...
Linuxfoundation Argo Continuous Delivery 2.6.0
8.8
CVSSv3
CVE-2023-22482
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and before 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers inc...
Linuxfoundation Argo-cd 2.6.0
Linuxfoundation Argo-cd
8.5
CVSSv3
CVE-2023-22736
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, before 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the config...
Linuxfoundation Argo-cd 2.6.0
Linuxfoundation Argo-cd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »