GO-2025-4023 Argo Workflow has a Zipslip Vulnerability in github.com/argoproj/argo-workflows

Argo Workflow has a Zipslip Vulnerability in github.com/argoproj/argo-workflows...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...

GO-2022-0882 Observable Discrepancy in Argo in github.com/argoproj/argo-cd

Observable Discrepancy in Argo in github.com/argoproj/argo-cd...

GO-2022-0499 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd...

GO-2022-0497 Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd...

GO-2022-0455 Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd...

GO-2022-0358 Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd...

GO-2022-0357 Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd...

GO-2023-2050 Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd...

GO-2023-1512 Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd...

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...

GO-2024-2654 Denial of service in github.com/argoproj/argo-cd/v2

Application may crash due to concurrent writes, leading to a denial of service. An attacker can crash the application continuously, making it impossible for legitimate users to access the service. Authentication is not required in the attack...

BIT-ARGO-CD-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

Cross-site Scripting (XSS)

github.com/argoproj/argo-cd is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to inject maliciously crafted script via input in the /auth/callback page...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...

Denial Of Service (DoS)

github.com/argoproj/argo-events is vulnerable to denial of service. The use of deprecated ioutil.ReadAll. ioutil.ReadAll methods to handle new routes allows reading to all data into memory of event server, causing a out-of-memory denial-of-service attack...

Privilege Escalation

github.com/argoproj/argo-workflows is vulnerable to privilege escalation. An attacker can create a workflow through the newHTTPServer function of argoserver.go that produces an HTML artifact and makes XRL calls to the Argo Server API by using a script, allowing the attacker to send malicious emai...

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to information disclosure. The vulnerability exists in application resource APIs because the access controls are not properly handled which allows an attacker to escalate their privileges to admin-level and access the sensitive information...

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in github.com/argoproj/argo-workflows...

CVE-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...