5 matches found
Critical: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
CVE-2023-40584 Denial of Service to Argo CD repo-server
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating...
CVE-2023-40584 Denial of Service to Argo CD repo-server
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating...
CVE-2023-40584
CVE-2023-40584 affects Argo CD repo-server (all Argo CD versions from v2.4). The root cause is a Denial-of-Service vulnerability where the repo-server unpacks a user-controlled tar.gz without validating the inner files’ size and with insufficient checks on extracted file permissions before deleti...
CVE-2023-40584
A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server...