Lucene search
+L

5 matches found

RedHat Linux
RedHat Linux
added 2023/09/08 1:9 p.m.83 views

Critical: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

9.9CVSS6.8AI score0.01176EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/09/07 10:14 p.m.19 views

CVE-2023-40584 Denial of Service to Argo CD repo-server

Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating...

6.5CVSS6.5AI score0.01176EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/07 10:14 p.m.69 views

CVE-2023-40584 Denial of Service to Argo CD repo-server

Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating...

6.5CVSS6.5AI score0.01176EPSS
Exploits0References2
CVE
CVE
added 2023/09/07 10:14 p.m.75 views

CVE-2023-40584

CVE-2023-40584 affects Argo CD repo-server (all Argo CD versions from v2.4). The root cause is a Denial-of-Service vulnerability where the repo-server unpacks a user-controlled tar.gz without validating the inner files’ size and with insufficient checks on extracted file permissions before deleti...

6.5CVSS6.4AI score0.01176EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2023/09/07 7:42 p.m.32 views

CVE-2023-40584

A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server...

6.5CVSS6.6AI score0.01176EPSS
Exploits0References4
Rows per page
Query Builder