Lucene search
+L

169 matches found

osv
osv
added 2024/09/29 12:0 a.m.17 views

OPENSUSE-SU-2024:14374-1 argocd-cli-2.12.4-1.1 on GA media

These are all security issues fixed in the argocd-cli-2.12.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS6.7AI score0.00932EPSS
Exploits0References2
redhat
redhat
added 2024/06/27 12:38 p.m.32 views

Moderate: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.4 security update

An update is now available for Red Hat OpenShift GitOps v1.12.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References5
osv
osv
added 2024/06/05 3:10 p.m.24 views

GO-2024-2877 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd...

9CVSS8.9AI score0.01479EPSS
Exploits2References10
redhat
redhat
added 2024/05/28 8:21 a.m.38 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.6 security update

An update is now available for Red Hat OpenShift GitOps v1.10.6 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A...

9CVSS7.3AI score0.01479EPSS
Exploits2References2
redhatcve
redhatcve
added 2024/05/21 8:56 p.m.25 views

CVE-2024-31989

A flaw was found in the ArgoCD Redis database server. This flaw allows an attacker with access to the Redis server to gain read/write access to the data in Redis. The attacker can also modify the "mfst" manifest key to cause ArgoCD to execute any deployment, potentially leveraging ArgoCD's high...

9.6CVSS9AI score0.01479EPSS
Exploits2References4
cvelist
cvelist
added 2024/05/21 7:8 p.m.39 views

CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...

9CVSS8.9AI score0.01479EPSS
Exploits2References9
vulnrichment
vulnrichment
added 2024/05/21 7:8 p.m.26 views

CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...

9CVSS8.9AI score0.01479EPSS
Exploits2References9
osv
osv
added 2024/05/21 6:7 p.m.26 views

GHSA-9766-5277-J5HR ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" manifest key to cause ArgoCD to execute any deployment, potentially leveragin...

9CVSS9.1AI score0.01479EPSS
Exploits2References11
github
github
added 2024/05/21 6:7 p.m.34 views

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" manifest key to cause ArgoCD to execute any deployment, potentially leveragin...

9CVSS7.4AI score0.01479EPSS
Exploits2References11Affected Software2
redhat
redhat
added 2024/05/10 7:36 p.m.47 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update

An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS7.2AI score0.01209EPSS
Exploits1References8
osv
osv
added 2024/04/03 10:49 a.m.29 views

BIT-ARGO-CD-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...

6.5CVSS6.4AI score0.00972EPSS
Exploits0References5
veracode
veracode
added 2024/04/01 6:50 a.m.3 views

Denial Of Service (DoS)

github.com/argoproj/argo-cd/ is vulnerable to Denial Of Service. The vulnerability is due to the loadRepoIndex function in the ArgoCD's helm package, which lacks limitations on the size and time while fetching data. An attacker can point ArgoCD to a malicious Helm registry, which results in an ou...

6.5CVSS6.3AI score0.00972EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/03/29 7:4 p.m.36 views

GHSA-JHWX-MHWW-RGC3 ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability

Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...

6.5CVSS6.4AI score0.00972EPSS
Exploits0References6
github
github
added 2024/03/29 7:4 p.m.30 views

ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability

Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...

6.5CVSS6.8AI score0.00972EPSS
Exploits0References6Affected Software1
redhatcve
redhatcve
added 2024/03/29 4:25 p.m.39 views

CVE-2024-29893

The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex function in the ArgoCD's helm package does not limit the size or time...

6.5CVSS7.1AI score0.00972EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2024/03/29 3:7 p.m.21 views

CVE-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...

6.5CVSS6.6AI score0.00972EPSS
Exploits0References4
cvelist
cvelist
added 2024/03/29 3:7 p.m.48 views

CVE-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...

6.5CVSS6.5AI score0.00972EPSS
Exploits0References4
veracode
veracode
added 2024/03/27 11:37 a.m.28 views

Improper Restriction Of Excessive Authentication Attempts

github.com/argoproj/argo-cd/ is vulnerable to Improper Restriction Of Excessive Authentication Attempts. This vulnerability is due to a weak cache-based mechanism that allows attackers to bypass rate limit and brute force protections, which can result in account compromise...

9.1CVSS7AI score0.02157EPSS
Exploits2References5Affected Software1
osv
osv
added 2024/03/22 5:31 p.m.35 views

GO-2024-2652 Brute force protection bypass in github.com/argoproj/argo-cd/v2

An attacker can effectively bypass the rate limit and brute force protections in Argo CD by exploiting the application's weak cache-based mechanism. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. An attacker can overflow this cache b...

9.8CVSS7.3AI score0.02157EPSS
Exploits2References4
nvd
nvd
added 2024/03/13 9:16 p.m.34 views

CVE-2024-28175

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

9CVSS8.5AI score0.00654EPSS
Exploits0References2
Rows per page
Query Builder