Lucene search

7 matches found

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2022-2791

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.01051
Exploits 0 · References 13
NVD
added 2025/09/04 11:15 p.m. · 8 views

CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

CVSS 9.9 · EPSS 0.04518
Exploits 1 · References 2
OSV
added 2024/06/06 7:4 p.m. · 20 views

GHSA-3CQF-953P-H5CP Argo-cd authenticated users can enumerate clusters by name

Impact It’s possible for authenticated users to enumerate clusters by name by inspecting error messages: $ curl -k 'https://localhost:8080/api/v1/clusters/in-cluster?id.type=name' -H "Authorization: Bearer $token" "error":"permission denied: clusters, get, , sub: alice, iat:...

CVSS 4.3 · AI score 4.3 · EPSS 0.00408
Exploits 0 · References 4
Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-2499 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.4 through 2.10.2; Argo CD versions 2.4 through 2.9.7; Argo CD versions 2.4 through 2.8.11. Description: The issue is related to the loadRepoIndex function in Argo CD's helm package, which does not limit the size or time while...

CVSS 6.8 · AI score 9.4 · EPSS 0.00972
Exploits 0 · References 15
CNNVD
added 2024/03/29 12:0 a.m. · 5 views

Argo CD security vulnerability

Argo CD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g. configuration in the Git repository, automatically synchronizing and deploying...

CVSS 6.5 · AI score 6.7 · EPSS 0.00972
Exploits 0 · References 6
Positive Technologies
added 2022/07/12 12:0 a.m. · 4 views

PT-2022-20529 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.3.0 through 2.3.5; Argo CD versions 2.4.0 through 2.4.4. Description: The issue is a cross-site scripting (XSS) bug that could allow an attacker to inject arbitrary JavaScript in the "/auth/callback" page in a victim's browser...

CVSS 6.1 · AI score 5.8 · EPSS 0.005
Exploits 0 · References 10
Cvelist
added 2022/06/27 7:15 p.m. · 30 views

CVE-2022-31036 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user...

CVSS 4.3 · AI score 4.6 · EPSS 0.00821
Exploits 0 · References 2