6 matches found
CVE-2022-31034
| creationtimestamp | type | source |
|---|---|---|
| 2022-06-27 22:34:56+00:00 | seen | https://t.me/cibsecurity/45210... |
CVE-2022-31034
CVE-2022-31034 affects Argo CD (GitOps tool for Kubernetes). All versions starting with v0.11.0 are vulnerable due to insufficiently random values in OAuth2/OIDC login parameters, using a non-cryptographically secure PRNG seeded with a predictable/time-based value, reducing entropy in login flows...
CVE-2022-31034 Insecure entropy in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.3 on OpenShift 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
CVE-2022-31034
Several Single sign-on (SSO) vulnerabilities were found in ArgoCD when the login process is initiated via CLI or UI interfaces. The vulnerabilities are related to using insufficiently random value parameters during the login process. This flaw gives the attacker elevated privileges, including the...