21 matches found

RedhatCVE
added 2026/05/22 8:13 p.m. · 8 views

CVE-2026-43824

A flaw was found in Argo CD. The ServerSideDiff feature allows for the reading of cleartext Kubernetes Secret data. This vulnerability could lead to information disclosure, potentially exposing sensitive configuration details within the Kubernetes environment. Mitigation: Mitigation for this issue...

CVSS 9.6 · AI score 5.6 · EPSS 0.00225
Exploits: 0 · References: 4

CNNVD
added 2026/05/07 12:0 a.m. · 9 views

Argo CD information disclosure vulnerability

Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. Versions of Argo CD prior to 3.2.11 and 3.3.0–3.3.9 contained a vulnerability related to information leakage. This vulnerability stemmed from a lack of authorization and data...

CVSS 9.6 · AI score 5.8 · EPSS 0.00505
Exploits: 2 · References: 1

Vulnrichment
added 2026/04/15 9:34 p.m. · 4 views

CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVSS 9.1 · AI score 5.7 · EPSS 0.00357
Exploits: 0 · References: 2

OSV
added 2026/01/30 4:11 p.m. · 3 views

CLEANSTART-2026-CZ81512 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes

Multiple security vulnerabilities affect the argo-cd package. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. See references for individual vulnerability details...

CVSS 9.8 · AI score 5.6 · EPSS 0.04518
Exploits: 3 · References: 18

Wolfi
added 2026/01/07 1:51 a.m. · 9 views

CVE-2025-47908 vulnerabilities

Vulnerabilities for packages: datadog-agent, grafana-mimir, rekor, cortex, prometheus-alertmanager, fulcio, timestamp-authority...

CVSS 7.5 · AI score 6.8 · EPSS 0.00533
Exploits: 0

CNNVD
added 2025/12/15 12:0 a.m. · 3 views

Red Hat OpenShift GitOps security vulnerability

Red Hat OpenShift GitOps is an automated deployment service from Red Hat USA. A security vulnerability exists in Red Hat OpenShift GitOps that stems from a namespace administrator being able to create an ArgoCD custom resource to gain privileges, potentially leading to full control of the cluster...

CVSS 9.1 · AI score 6.7 · EPSS 0.0063
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-31758

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.3 · EPSS 0.00549
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-26875

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 6.6 · EPSS 0.04518
Exploits: 1 · References: 2

CVE
added 2025/10/01 9:1 p.m. · 21 views

CVE-2025-59537

CVE-2025-59537 affects Argo CD. Affected: Argo CD server components in versions 1.2.0–1.8.7, 2.0.0-rc1–2.14.19, 3.0.0-rc1–3.2.0-rc1, 3.1.7, and 3.0.18. Description: receiving a Gogs push webhook with commits[].repo missing or null can crash the argocd-server process via the /api/webhook endpoint,...

CVSS 7.5 · AI score 6.3 · EPSS 0.00563
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2025/10/01 12:0 a.m. · 4 views

Argo CD security vulnerability

Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from unconfigured webhook.bitbucketserver.secret when processing malicious API requests, which could lead to a denial-of-service attack. The following...

CVSS 7.5 · AI score 8.8 · EPSS 0.00549
Exploits: 1 · References: 2

CVE
added 2025/09/30 10:52 p.m. · 30 views

CVE-2025-55191

CVE-2025-55191 affects Argo CD up to several release lines (2.14.19, 3.1.7, 3.0.18, etc.). The issue is a race condition in the repository credentials handler (repository_secrets.go) that can cause the Argo CD server to panic and crash when concurrent operations touch the same repository URL. A v...

CVSS 6.5 · AI score 6.3 · EPSS 0.00441
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/09/30 12:0 a.m. · 2 views

PT-2025-40034

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.1.0 through 2.14.19; Argo CD versions 3.0.0-rc1 through 3.0.18; Argo CD versions 3.1.0-rc1 through 3.1.7; Argo CD version 3.2.0-rc1. Description: Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, is susceptib...

CVSS 9.8 · AI score 7.3 · EPSS 0.00441
Exploits: 0 · References: 356

Positive Technologies
added 2025/09/30 12:0 a.m. · 4 views

PT-2025-40045

Summary: In the default configuration, webhook.azuredevops.username and webhook.azuredevops.password not set, Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/20 12:0 a.m. · 2 views

PT-2024-5352 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3; Argo CD versions prior to 2.10.12; Argo CD versions prior to 2.9.17. Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate...

CVSS 4.3 · AI score 7 · EPSS 0.00408
Exploits: 0 · References: 16

BDU FSTEC
added 2024/04/03 12:0 a.m. · 7 views

The vulnerability of the declarative delivery tool for GitOps on Kubernetes Argo CD, related to insecure privilege management, allows a perpetrator to perform local synchronization.

The vulnerability of GitOps’ continuous delivery tool for Kubernetes Argo CD relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to perform local synchronization remotely...

CVSS 6.4 · AI score 6.5 · EPSS 0.00532
Exploits: 0 · References: 6 · Affected Software: 1

BDU FSTEC
added 2024/04/02 12:0 a.m. · 6 views

The vulnerability of the `loadRepoIndex()` function in the declarative tool for continuous delivery of GitOps for Kubernetes Argo CD allows a malicious actor to trigger a service failure.

The vulnerability of the loadRepoIndex function in the declarative tool for continuous delivery of GitOps for Kubernetes Argo CD is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 6.8 · AI score 6.5 · EPSS 0.00972
Exploits: 0 · References: 6 · Affected Software: 1

BDU FSTEC
added 2024/01/29 12:0 a.m. · 6 views

The vulnerability of the declarative delivery interface for GitOps on Kubernetes Argo CD allows attackers to circumvent security restrictions and execute CSRF attacks.

The vulnerability of the declarative delivery interface for GitOps in Kubernetes Argo CD is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform CSRF attacks...

CVSS 8.3 · AI score 7.4 · EPSS 0.00386
Exploits: 1 · References: 6 · Affected Software: 1

BDU FSTEC
added 2023/09/16 12:0 a.m. · 7 views

The vulnerability of the declarative delivery tool for GitOps on Kubernetes Argo CD, related to deficiencies in pathname restrictions for directories, allows attackers to gain unauthorized access to protected information.

The vulnerability of GitOps’ continuous delivery tool for Kubernetes Argo CD is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 6.8 · AI score 6.8 · EPSS 0.0086
Exploits: 0 · References: 4 · Affected Software: 2

BDU FSTEC
added 2023/02/09 12:0 a.m. · 5 views

The vulnerability of the declarative delivery tool for GitOps in Kubernetes Argo CD allows attackers to increase their privileges.

The vulnerability of GitOps’ continuous delivery tool for Kubernetes Argo CD is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain increased privileges...

CVSS 8.5 · AI score 7.5 · EPSS 0.0078
Exploits: 0 · References: 3 · Affected Software: 2

CNNVD
added 2022/03/22 12:0 a.m. · 3 views

GitHub argo-cd access control error vulnerability

GitHub argo-cd is an open source application from Github. A declarative GitOps continuous delivery tool for Kubernetes. GitHub argo-cd suffers from an Access Control Error vulnerability that can be exploited by an attacker to read files that should not be accessed by the repository server,...

CVSS 7.7 · AI score 6.8 · EPSS 0.0086
Exploits: 0 · References: 7