Lucene search
K

8 matches found

NVD
NVD
added yesterday5 views

CVE-2026-45737

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretDatatarget, live, ... does...

6.3CVSS0.00034EPSS
Exploits0References8
CVE
CVE
added yesterday16 views

CVE-2026-45737

Argo CD ServerSideDiff in versions 3.2.0–3.2.12, 3.3.10, and 3.4.2 can exposed Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretData(target, live, ...) does not fully sanitize ResourceDiff.TargetState and LiveState predicted li...

6.3CVSS6.1AI score0.00034EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/19 3:54 p.m.10 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 3:54 p.m.14 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 3:54 p.m.12 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 3:54 p.m.21 views

Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations

Summary The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/19 3:54 p.m.8 views

GHSA-RG3G-4RW9-GQRP Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations

Summary The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-41971

Name of the Vulnerable Software and Affected Versions Argo CD affected versions not specified Description An incomplete fix in the server-side diff functionality allows authenticated users to view sensitive Kubernetes Secret values. When using the argocd app diff --server-side-diff command, the...

6.3CVSS5.9AI score0.00034EPSS
Exploits0References161
Rows per page
Query Builder