4 matches found
CVE-2024-28175
A flaw was found in Argo CD. Due to improper filtering of URL protocols in the application summary component, a remote attacker can execute a cross-site scripting XSS attack with privileges to edit the application...
CVE-2024-28175 vulnerabilities
Vulnerabilities for packages: argo-cd, argo-cd-fips...
CVE-2024-28175 Cross-site scripting on application summary component in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...
CVE-2024-28175
CVE-2024-28175 – Argo CD XSS vulnerability. Due to improper URL protocol filtering in the application summary component’s link annotations (link.argocd.argoproj.io), an attacker can inject a javascript: link and trigger cross-site scripting with elevated permissions when a victim clicks it. The i...