2 matches found
CVE-2022-31102 Cross-site Scripting for Argo CD single sign on users
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting XSS bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
CVE-2022-31102
Argo CD (GitOps for Kubernetes) is affected by a cross-site scripting (XSS) vulnerability in versions 2.3.0–2.3.6 and 2.4.0–2.4.4 that allows arbitrary JavaScript in the /auth/callback page when SSO is enabled. Exploitation requires access to the API server’s encryption key, a method to inject a ...