Lucene search
K

370 matches found

EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-43648

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS6.2AI score
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 3:19 p.m.12 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.5 security update

Important: Red Hat OpenShift GitOps v1.19.5 security update An update is now available for Red Hat OpenShift GitOps...

9.6CVSS6.8AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/06 3:19 p.m.7 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.21.1 security update

Important: Red Hat OpenShift GitOps v1.21.1 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-10083 RC 1.21.0-7: Missing permission for web-based terminal in Argocd UI GITOPS-10178 OpenShift GitOps operator v1.21.0 breaks Redis-HA...

7.5CVSS6AI score0.00813EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 3:19 p.m.7 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.20.5 security update

Important: Red Hat OpenShift GitOps v1.20.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-9568 GitOps operator propagates argo CD tracking annotations to dynamic roleBindings GITOPS-9971 Image Updater Self-hosted Quay images redirect t...

9.6CVSS6AI score0.00813EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.13 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/01 5:19 a.m.100 views

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

6.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/29 5:10 p.m.10 views

CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 5:10 p.m.45 views

CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS0.00387EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 5:10 p.m.28 views

CVE-2026-45625

CVE-2026-45625 (Arcane) : The huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync without admin enforcement. Eight endpoints bypass checkAdmin(ctx), allowing any authenticated user (default role: user) to list, create, modify, delete, an...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 2:55 p.m.25 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.20.4 security update

Important: Red Hat OpenShift GitOps v1.20.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8784 Service-CA annotation removed from argocd-server Service during v1.12.3 - v1.12.4 upgrade path, persists in later versions GITOPS-9549...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/05/26 2:54 p.m.17 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.6 security update

Important: Red Hat OpenShift GitOps v1.18.6 security update An update is now available for Red Hat OpenShift GitOps...

9.8CVSS6.5AI score0.01735EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2026/05/26 2:49 p.m.20 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.4 security update

Important: Red Hat OpenShift GitOps v1.19.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8784 Service-CA annotation removed from argocd-server Service during v1.12.3 - v1.12.4 upgrade path, persists in later versions...

9.8CVSS6.6AI score0.01735EPSS
Exploits4References7
Snyk
Snyk
added 2026/05/19 3:54 p.m.10 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 3:54 p.m.14 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 1:44 p.m.6 views

GHSA-7H26-HG47-P9HX Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Summary Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight of those endpoints list, create, get, update, delete, test, listBranches, browseFiles never...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 11:16 p.m.20 views

CVE-2026-42880

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

9.6CVSS0.00505EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37356

Name of the Vulnerable Software and Affected Versions Argo CD versions 3.2.0 through 3.2.10 Argo CD versions 3.3.0 through 3.3.8 Description A missing authorization and data-masking gap exists in the '/application.ApplicationService/ServerSideDiff' endpoint. This allows an attacker with read-only...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References175
RedHat Linux
RedHat Linux
added 2026/04/30 5:40 p.m.10 views

Important: Red Hat Bug Fix Advisory: Red Hat OpenShift GitOps v1.20.3 bug fix and enhancement update

Red Hat OpenShift GitOps v1.20.3 bug fix and enhancement update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-9699 CVE-2026-42880 Kubernetes Secret Extraction via ArgoCD ServerSideDiff gitops-1.20...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/04/22 12:35 p.m.9 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.20.2 security update

Important: Red Hat OpenShift GitOps v1.20.2 security update An update is now available for Red Hat OpenShift GitOps...

7.5CVSS7.4AI score0.00606EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/22 12:29 p.m.37 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.3 security update

Important: Red Hat OpenShift GitOps v1.19.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-9158 OpenShift Gitops Operator v1.19.2 has hardcoded pod-security labels which conflict OCP = 4.16 GITOPS-9587 multiple CVEs in ose-kube-rbac-pro...

7.5CVSS7.3AI score0.00606EPSS
Exploits0References3
Rows per page
Query Builder