5 matches found
CVE-2022-29165 Argo CD will blindly trust JWT claims if anonymous access is enabled
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...
CVE-2022-29165
CVE-2022-29165 affects Argo CD (GitOps tool for Kubernetes). Vulnerable in versions starting at 1.4.0 and prior to 2.1.15, 2.2.9, and 2.3.4. If anonymous access is enabled, unauthenticated attackers can impersonate any Argo CD user or role (including built‑in admin) by sending a crafted JWT, pote...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.4 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.3 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...