Lucene search
+L

169 matches found

gitlab
gitlab
added 2021/07/26 12:0 a.m.62 views

Insecure Default Initialization of Resource

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...

8.8CVSS4AI score0.018EPSS
Exploits1References5Affected Software1
redhat
redhat
added 2021/05/19 5:4 p.m.93 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

6.5CVSS6.6AI score0.00764EPSS
Exploits0References3
redhatcve
redhatcve
added 2021/05/19 3:16 p.m.82 views

CVE-2021-3557

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest...

6.5CVSS1.8AI score0.00764EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/05/19 12:0 a.m.5 views

Red Hat OpenShift GitOps 授权问题漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift GitOps suffers from an authorization issue vulnerability that stems from argocd: ServiceAccount argocd-argocd-server...

6.5CVSS6.5AI score0.00764EPSS
Exploits0References7
veracode
veracode
added 2021/05/14 7:21 a.m.20 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to information disclosure. User credentials are printed an error message in JSON format when a user with update permissions to an Application edits the manifest of a Secret resource in the UI with invalid input...

5.9CVSS1.4AI score0.00232EPSS
Exploits0References1Affected Software1
prion
prion
added 2021/03/03 10:15 a.m.18 views

Cross site scripting

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

3.5CVSS4.8AI score0.00535EPSS
Exploits0References2Affected Software1
cnvd
cnvd
added 2020/04/09 12:0 a.m.4 views

Argo Authorization Issues Vulnerability

Argo is an open source container native workflow engine. Argo suffers from an authorization issue vulnerability that stems from the program setting the default administrator password to the argocd-server container group name. An attacker can exploit this vulnerability to gain administrator...

8.8CVSS7.2AI score0.018EPSS
Exploits1References1
cvelist
cvelist
added 2020/04/08 7:49 p.m.26 views

CVE-2020-8828

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...

8.8AI score0.018EPSS
Exploits1References3
cve
cve
added 2020/04/08 7:49 p.m.79 views

CVE-2020-8828

CVE-2020-8828 affects Argo CD (v1.5.0 and earlier) where the default admin password is set to the argocd-server pod name. This creates privilege-escalation risk for insiders with cluster or log access due to Argo’s privileged roles. The impact is described as a privileged-escape scenario for atta...

8.8CVSS8.6AI score0.018EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder