Published: 27/06/2022 Updated: 07/07/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linuxfoundation argo-cd 2.3.4
linuxfoundation argo-cd 2.4.0
linuxfoundation argo-cd 2.2.9
linuxfoundation argo-cd

Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 15Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 14Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13 on OpenShift 46Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives ...

Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes All versions of Argo CD starting with v100 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin) ...

CWE-79 https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038 https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2022:5152 https://access.redhat.com/security/cve/cve-2022-31035

CVE-2022-31035

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect