169 matches found
OPENSUSE-SU-2024:14374-1 argocd-cli-2.12.4-1.1 on GA media
These are all security issues fixed in the argocd-cli-2.12.4-1.1 package on the GA media of openSUSE Tumbleweed...
Moderate: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.4 security update
An update is now available for Red Hat OpenShift GitOps v1.12.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
GO-2024-2877 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.6 security update
An update is now available for Red Hat OpenShift GitOps v1.10.6 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A...
CVE-2024-31989
A flaw was found in the ArgoCD Redis database server. This flaw allows an attacker with access to the Redis server to gain read/write access to the data in Redis. The attacker can also modify the "mfst" manifest key to cause ArgoCD to execute any deployment, potentially leveraging ArgoCD's high...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
GHSA-9766-5277-J5HR ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" manifest key to cause ArgoCD to execute any deployment, potentially leveragin...
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" manifest key to cause ArgoCD to execute any deployment, potentially leveragin...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update
An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
BIT-ARGO-CD-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...
Denial Of Service (DoS)
github.com/argoproj/argo-cd/ is vulnerable to Denial Of Service. The vulnerability is due to the loadRepoIndex function in the ArgoCD's helm package, which lacks limitations on the size and time while fetching data. An attacker can point ArgoCD to a malicious Helm registry, which results in an ou...
GHSA-JHWX-MHWW-RGC3 ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...
CVE-2024-29893
The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex function in the ArgoCD's helm package does not limit the size or time...
CVE-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...
CVE-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...
Improper Restriction Of Excessive Authentication Attempts
github.com/argoproj/argo-cd/ is vulnerable to Improper Restriction Of Excessive Authentication Attempts. This vulnerability is due to a weak cache-based mechanism that allows attackers to bypass rate limit and brute force protections, which can result in account compromise...
GO-2024-2652 Brute force protection bypass in github.com/argoproj/argo-cd/v2
An attacker can effectively bypass the rate limit and brute force protections in Argo CD by exploiting the application's weak cache-based mechanism. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. An attacker can overflow this cache b...
CVE-2024-28175
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...