Lucene search
K

101 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/01 12:0 a.m.5 views

The vulnerability of the web terminal of the declarative delivery tool for GitOps for Kubernetes Argo CD allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the web terminal of the GitOps continuous delivery tool for Kubernetes Argo CD is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5CVSS5.5AI score0.00685EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/24 8:54 p.m.39 views

The Argo CD web terminal session does not handle the revocation of user permissions properly

Argo CD v2.11.3 and before, discovering that even if the user's p, role:myrole, exec, create, /, allow permissions are revoked, the user can still send any Websocket message, which allows the user to view sensitive information. Even though they shouldn't have such access. Description Argo CD has ...

7.1CVSS6.2AI score0.00685EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2024/07/24 8:54 p.m.19 views

GHSA-V8WX-V5JQ-QHHW The Argo CD web terminal session does not handle the revocation of user permissions properly

Argo CD v2.11.3 and before, discovering that even if the user's p, role:myrole, exec, create, /, allow permissions are revoked, the user can still send any Websocket message, which allows the user to view sensitive information. Even though they shouldn't have such access. Description Argo CD has ...

5.1CVSS5.5AI score0.00685EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2024/07/24 5:16 p.m.28 views

CVE-2024-41666 The Argo CD web terminal session does not handle the revocation of user permissions properly.

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to...

4.7CVSS4.7AI score0.00685EPSS
Exploits1References5
CVE
CVE
added 2024/07/24 5:16 p.m.327 views

CVE-2024-41666

Argo CD's Web-based terminal vulnerability allows a user with permissions p, role:myrole, exec, create, / , allow to continue operations in the container even after revoking that permission, as long as the terminal view stays open. The issue can persist beyond token expiration/revocation and is n...

6.5CVSS4.6AI score0.00685EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/07/24 5:16 p.m.54 views

CVE-2024-41666 The Argo CD web terminal session does not handle the revocation of user permissions properly.

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to...

4.7CVSS0.00685EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.3 views

PT-2024-5332 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.6.0 through 2.11.6 Argo CD versions 2.7.0 through 2.10.15 Argo CD versions 2.8.0 through 2.9.20 Description: The issue is related to the Argo CD web terminal, which allows users to get a shell inside a running pod. When the...

6.5CVSS6.8AI score0.00685EPSS
Exploits1References17
OSV
OSV
added 2024/03/06 11:15 a.m.24 views

BIT-GITLAB-2022-1944

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs...

7.1CVSS6.6AI score0.00523EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/10/27 9:15 p.m.2 views

CVE-2023-35794

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...

8.8CVSS5.5AI score0.00942EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.3 views

Cassia Networks Access Controller Security Vulnerability

Cassia Networks Access Controller is an application from Cassia Networks, Inc. provides a powerful IoT network management solution. A security vulnerability exists in Cassia Access Controller version 2.1.1.2303271039 that originates from accessing a Web SSH terminal endpoint without authenticatio...

8.8CVSS6.8AI score0.00942EPSS
Exploits1References3
Hacker One
Hacker One
added 2023/08/25 5:24 a.m.39 views

Internet Bug Bounty: Argocd's web terminal session doesn't expire

A vulnerability was discovered in all versions of Argo CD starting from v2.6.0, where open web terminal sessions did not expire. This allowed users to send websocket messages even after their session token had expired, potentially exposing sensitive information. The issue has been patched in...

6.8AI score
Exploits0
Veracode
Veracode
added 2023/08/25 2:28 a.m.28 views

Insufficient Session Expiration

github.com/argoproj/argo-cd is vulnerable to Insufficient Session Expiration. The vulnerability exists because web terminal sessions in the library do not expire, which allows an attacker to send a websocket messages even if the token has already expired, leading to sensitive information...

7.1CVSS6.4AI score0.00484EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/08/23 8:15 p.m.46 views

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

7.1CVSS5.2AI score0.00484EPSS
Exploits1References2
Prion
Prion
added 2023/08/23 8:15 p.m.17 views

Design/Logic Flaw

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

5.5CVSS6.7AI score0.00484EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/23 7:12 p.m.54 views

CVE-2023-40025 Argo CD web terminal session doesn't expire

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

4.7CVSS7AI score0.00484EPSS
Exploits1References2
CVE
CVE
added 2023/08/23 7:12 p.m.80 views

CVE-2023-40025

CVE-2023-40025 affects Argo CD where open web terminal sessions do not expire, allowing WebSocket messages after token expiry and potential viewing of sensitive information. Technical details across connected documents confirm the issue is tied to the web terminal feature, with remediation delive...

7.1CVSS5.6AI score0.00484EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/23 5:50 p.m.36 views

Argo CD web terminal session doesn't expire

Impact All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open fo...

7.1CVSS6.4AI score0.00484EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/23 5:50 p.m.32 views

GHSA-C8XW-VJGF-94HR Argo CD web terminal session doesn't expire

Impact All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open fo...

7.1CVSS5.5AI score0.00484EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/23 12:0 a.m.3 views

PT-2023-27219 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.6.0 through 2.6.13 Argo CD versions 2.7.0 through 2.7.11 Argo CD versions 2.8.0 Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The issue arises from open web terminal sessions not...

7.1CVSS9.6AI score0.00484EPSS
Exploits1References8
Veracode
Veracode
added 2023/08/07 12:12 a.m.29 views

Server-Side Request Forgery (SSRF)

gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists in web terminal advertiseaddress which allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

5.3CVSS6.3AI score0.00546EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder