2 matches found
GHSA-Q4W5-4GQ2-98VM Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Impact All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be us...
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...