11 matches found
GO-2022-0499 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0497 Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0455 Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0358 Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2023-1512 Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...
BIT-ARGO-CD-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 and before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
Cross-site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to inject maliciously crafted script via input in the /auth/callback page...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in github.com/argoproj/argo-cd/v2...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. The vulnerability exists in the application resource APIs because access controls are not properly handled, which allows an attacker to escalate their privileges to admin level and access sensitive information...
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 and before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...