7 matches found
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.10.2 security update
An update is now available for Red Hat OpenShift GitOps v1.10.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.9.4 security update
An update is now available for Red Hat OpenShift GitOps v1.9.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2024-22424
A flaw was found in the Argo CD API before versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. These versions are vulnerable to a Cross-server request forgery CSRF attack when the attacker can write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Arg...
CVE-2024-22424
creationtimestamp| type| source ---|---|--- 2024-01-19 02:26:47+00:00| seen| https://t.me/ctinow/170038 2024-01-19 08:17:10+00:00| seen| https://t.me/ctinow/170097 2024-04-02 10:51:17+00:00| published-proof-of-concept| https://t.me/techb0ltGenona/4389...
CVE-2024-22424 vulnerabilities
Vulnerabilities for packages: argo-cd...
CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...
CVE-2024-22424
CVE-2024-22424 affects Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 (and related 2.7.16 per some advisories). The root cause is failure to validate that requests carry the correct content type, allowing bypass of browser CORS preflight checks and enabling CSRF via cross-origin...