7 matches found
EUVD-2022-2791
Malicious code in bioql PyPI...
CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
GHSA-3CQF-953P-H5CP Argo-cd authenticated users can enumerate clusters by name
Impact: It’s possible for authenticated users to enumerate clusters by name by inspecting error messages: $ curl -k 'https://localhost:8080/api/v1/clusters/in-cluster?id.type=name' -H "Authorization: Bearer $token" "error":"permission denied: clusters, get, , sub: alice, iat:...
PT-2024-2499 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.4 through 2.10.2; Argo CD versions 2.4 through 2.9.7; Argo CD versions 2.4 through 2.8.11. Description: The issue is related to the loadRepoIndex function in Argo CD's helm package, which does not limit the size or time while...
Argo CD Security Vulnerability
Argo CD is a software application: a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g. configuration in the Git repository), automatically synchronizing and deploying...
PT-2022-20529 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.3.0 through 2.3.5; Argo CD versions 2.4.0 through 2.4.4. Description: The issue is a cross-site scripting (XSS) bug that could allow an attacker to inject arbitrary JavaScript in the "/auth/callback" page in a victim's browser...
CVE-2022-31036 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user...