Lucene search
+L

933 matches found

Chainguard
Chainguard
added 2026/05/06 7:17 p.m.29 views

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: argocd-image-updater-fips, gomplate, terragrunt, syft-fips, pulumi-language-yaml, trivy-operator, terragrunt-fips, chainloop-cli-fips, nuclei, gitsign, syft, argo-workflows-fips, src-fingerprint-fips, nemo, gitlab-runner, kubescape-server, cerbos, flux, grype, cg,...

7.4CVSS5.1AI score0.00259EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.17 views

PT-2026-37356

Name of the Vulnerable Software and Affected Versions Argo CD versions 3.2.0 through 3.2.10 Argo CD versions 3.3.0 through 3.3.8 Description A missing authorization and data-masking gap exists in the '/application.ApplicationService/ServerSideDiff' endpoint. This allows an attacker with read-only...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References175
Snyk
Snyk
added 2026/05/02 3:17 a.m.5 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the ServerSideDiff process. An attacker can access sensitive Kubernetes Secret data in cleartext by leveraging this process with appropriate permissions. Remediati...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References2
NVD
NVD
added 2026/05/02 2:16 a.m.11 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

9.6CVSS0.00225EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/02 1:20 a.m.6 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/05/02 1:20 a.m.90 views

CVE-2026-43824

Argo CD vulnerable via ServerSideDiff: versions 3.2.0–3.2.10 and 3.3.0–3.3.8 expose cleartext Kubernetes Secret data. Root cause is the ServerSideDiff endpoint returning raw Secret data when IncludeMutationWebhook is enabled, effectively leaking sensitive information in responses. Upstream fixes ...

9.6CVSS5.8AI score0.00225EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/02 1:20 a.m.3 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/02 1:20 a.m.36 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/02 1:20 a.m.9 views

EUVD-2026-26726

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2026/05/02 1:20 a.m.4 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS7.2AI score0.00505EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

Argo CD 安全漏洞

Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. There were security vulnerabilities in versions of Argo CD between 3.2.0 and 3.2.11, as well as between 3.3.0 and 3.3.9. These vulnerabilities stemmed from ServerSideDiff allowing...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36558

Name of the Vulnerable Software and Affected Versions Argo CD versions 3.2.0 through 3.2.10 Argo CD versions 3.3.0 through 3.3.8 Description The 'ServerSideDiff' endpoint allows the disclosure of cleartext Kubernetes Secret data. This occurs when the IncludeMutationWebhook variable is set to true...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References15
Wolfi
Wolfi
added 2026/04/18 1:48 p.m.12 views

GHSA-3XC5-WRHM-F963 vulnerabilities

Vulnerabilities for packages: argo-workflows, k9s, external-secrets-operator, kaniko, kubevela, kubescape, flux-source-controller, steampipe, gitsign, gitaly, kyverno, bom, osv-scanner, witness, apko, crossplane, act, argo-cd, trivy, rancher-fleet, flux, grafana-alloy, trufflehog, wolfictl, nucle...

5.3AI score
Exploits0
OSV
OSV
added 2026/04/16 12:46 a.m.9 views

CLEANSTART-2026-BH97849 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the argo-cd package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

9.8CVSS7.4AI score0.04518EPSS
Exploits4References53
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:34 p.m.3 views

CVE-2026-6388

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

9.1CVSS5.7AI score0.00357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/15 9:34 p.m.5 views

CVE-2026-6388

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

9.1CVSS5.7AI score0.00357EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.4 views

GHSA-GPX4-37G2-C8PV vulnerabilities

Vulnerabilities for packages: argo-cd-fips, argo-cd...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.15 views

CVE-2025-59538 vulnerabilities

Vulnerabilities for packages: argo-cd-fips, argo-cd...

7.5CVSS8.2AI score0.00549EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.5 views

GHSA-F9GQ-PRRC-HRHC vulnerabilities

Vulnerabilities for packages: argo-cd-fips, argo-cd...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.6 views

CVE-2025-59537 vulnerabilities

Vulnerabilities for packages: argo-cd-fips, argo-cd...

7.5CVSS8.2AI score0.00563EPSS
Exploits1
Rows per page
Query Builder