21 matches found
CVE-2026-43824
A flaw was found in Argo CD. The ServerSideDiff feature allows for the reading of cleartext Kubernetes Secret data. This vulnerability could lead to information disclosure, potentially exposing sensitive configuration details within the Kubernetes environment. Mitigation: Mitigation for this issue...
Argo CD information disclosure vulnerability
Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. Versions of Argo CD prior to 3.2.11 and 3.3.0–3.3.9 contained a vulnerability related to information leakage. This vulnerability stemmed from a lack of authorization and data...
CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CLEANSTART-2026-CZ81512 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
Multiple security vulnerabilities affect the argo-cd package. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. See references for individual vulnerability details...
CVE-2025-47908 vulnerabilities
Vulnerabilities for packages: datadog-agent, grafana-mimir, rekor, cortex, prometheus-alertmanager, fulcio, timestamp-authority...
Red Hat OpenShift GitOps security vulnerability
Red Hat OpenShift GitOps is an automated deployment service from Red Hat USA. A security vulnerability exists in Red Hat OpenShift GitOps that stems from a namespace administrator being able to create an ArgoCD custom resource to gain privileges, potentially leading to full control of the cluster...
EUVD-2025-31758
Malicious code in bioql PyPI...
EUVD-2025-26875
Malicious code in bioql PyPI...
CVE-2025-59537
CVE-2025-59537 affects Argo CD. Affected: Argo CD server components in versions 1.2.0–1.8.7, 2.0.0-rc1–2.14.19, 3.0.0-rc1–3.2.0-rc1, 3.1.7, and 3.0.18. Description: receiving a Gogs push webhook with commits[].repo missing or null can crash the argocd-server process via the /api/webhook endpoint,...
Argo CD security vulnerability
Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from unconfigured webhook.bitbucketserver.secret when processing malicious API requests, which could lead to a denial-of-service attack. The following...
CVE-2025-55191
CVE-2025-55191 affects Argo CD up to several release lines (2.14.19, 3.1.7, 3.0.18, etc.). The issue is a race condition in the repository credentials handler (repository_secrets.go) that can cause the Argo CD server to panic and crash when concurrent operations touch the same repository URL. A v...
PT-2025-40034
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.1.0 through 2.14.19; Argo CD versions 3.0.0-rc1 through 3.0.18; Argo CD versions 3.1.0-rc1 through 3.1.7; Argo CD version 3.2.0-rc1. Description: Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, is susceptib...
PT-2025-40045
Summary: In the default configuration (webhook.azuredevops.username and webhook.azuredevops.password not set), Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...
PT-2024-5352 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3; Argo CD versions prior to 2.10.12; Argo CD versions prior to 2.9.17. Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate...
A vulnerability in Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, related to insecure privilege management, allows an attacker to perform local synchronization.
A vulnerability in Argo CD, the GitOps continuous delivery tool for Kubernetes, is related to insecure privilege management. Exploiting this vulnerability could allow a malicious actor to perform local synchronization remotely...
A vulnerability in the `loadRepoIndex()` function of Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, allows a malicious actor to trigger a service failure.
A vulnerability in the `loadRepoIndex()` function of Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
A vulnerability in the interface of Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, allows attackers to bypass security restrictions and carry out CSRF attacks.
A vulnerability in the interface of Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform CSRF attacks...
A vulnerability in Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, related to deficiencies in pathname restrictions for directories, allows attackers to gain unauthorized access to protected information.
A vulnerability in Argo CD, the GitOps continuous delivery tool for Kubernetes, is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
A vulnerability in Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, allows attackers to escalate their privileges.
A vulnerability in Argo CD, the GitOps continuous delivery tool for Kubernetes, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain elevated privileges...
GitHub argo-cd access control error vulnerability
GitHub argo-cd is an open source application from GitHub, a declarative GitOps continuous delivery tool for Kubernetes. GitHub argo-cd has an access control error vulnerability that can be exploited by an attacker to read files that should not be accessed by the repository server,...