350 matches found

RedHat Linux
added 2024/05/10 7:36 p.m. | 41 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update

An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

7.5 CVSS | 7.2 AI score | 0.03485 EPSS
Exploits 1 | References 8

RedHat Linux
added 2024/05/10 7:16 p.m. | 43 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update

An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

7.5 CVSS | 6.7 AI score | 0.03485 EPSS
Exploits 1 | References 14

RedHat Linux
added 2024/05/10 7:6 p.m. | 39 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update

An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

7.5 CVSS | 7.2 AI score | 0.03485 EPSS
Exploits 1 | References 10

Tenable Nessus
added 2024/04/28 12:0 a.m. | 45 views

RHEL 8 : openshift-gitops-kam (RHSA-2023:6243)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6243 advisory. TODO: add package description Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-393...

7.5 CVSS | 7.4 AI score | 0.944 EPSS
Exploits 19 | References 4

Tenable Nessus
added 2024/04/28 12:0 a.m. | 26 views

RHEL 8 : openshift-gitops-kam (RHSA-2023:5407)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5407 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: goproxy: Denial of service (DoS) via unspecified vectors...

7.5 CVSS | 6.3 AI score | 0.0018 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2024/04/28 12:0 a.m. | 27 views

RHEL 8 : openshift-gitops-kam (RHSA-2023:3229)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3229 advisory. Security Fixes: go-restful: Authorization Bypass Through User-Controlled Key CVE-2022-1996 For more details about the security issues, including the...

9.3 CVSS | 8.3 AI score | 0.00963 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2024/04/28 12:0 a.m. | 36 views

RHEL 8 : openshift-gitops-kam (RHSA-2023:6782)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6782 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: golang: net/http, x/net/http2: rapid stream...

7.5 CVSS | 7.5 AI score | 0.944 EPSS
Exploits 19 | References 7

Tenable Nessus
added 2024/04/28 12:0 a.m. | 31 views

RHEL 9 : openshift-gitops-kam (RHSA-2023:3557)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3557 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: go-restful: Authorization Bypass Through User-Controlle...

9.3 CVSS | 8.3 AI score | 0.00963 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2024/04/28 12:0 a.m. | 37 views

RHEL 9 : openshift-gitops-kam (RHSA-2023:7344)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7344 advisory. An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9. Security Fixes: golang: net/http, x/net/http2: rapid...

7.5 CVSS | 7.4 AI score | 0.944 EPSS
Exploits 19 | References 7

OSV
added 2024/04/26 3:24 p.m. | 19 views

CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...

6.5 CVSS | 6.4 AI score | 0.00416 EPSS
Exploits 0 | References 6

Cvelist
added 2024/04/26 3:24 p.m. | 20 views

CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...

6.5 CVSS | 6.6 AI score | 0.00416 EPSS
Exploits 0 | References 4

Vulnrichment
added 2024/04/26 3:24 p.m. | 14 views

CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...

6.5 CVSS | 6.8 AI score | 0.00416 EPSS
Exploits 0 | References 4

Veracode
added 2024/04/16 1:57 p.m. | 19 views

Improper Authorization

github.com/argoproj/argo-cd/v2 is vulnerable to Improper Authorization. The vulnerability is due to an oversight in access control configurations that allow a user to change the project of an Application object, despite restrictions meant to enforce changes only through GitOps workflows...

6.3 CVSS | 5 AI score | 0.00113 EPSS
Exploits 0 | References 5 | Affected Software 1

RedhatCVE
added 2024/04/15 9:52 p.m. | 17 views

CVE-2024-31990

A flaw was found in Argo CD. The API server does not enforce project sourceNamespaces, which can allow an attacker to use the UI to edit resources which should only be mutable via gitops...

4.8 CVSS | 5 AI score | 0.00113 EPSS
Exploits 0 | References 3

NVD
added 2024/04/15 8:15 p.m. | 10 views

CVE-2024-31990

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16...

6.3 CVSS | 4.9 AI score | 0.00113 EPSS
Exploits 0 | References 4

Vulnrichment
added 2024/04/15 7:52 p.m. | 14 views

CVE-2024-31990 Argo CD's API server does not enforce project sourceNamespaces

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16...

4.8 CVSS | 6.5 AI score | 0.00113 EPSS
Exploits 0 | References 4

CVE
added 2024/04/15 7:52 p.m. | 347 views

CVE-2024-31990

CVE-2024-31990 affects Argo CD: the API server did not enforce project sourceNamespaces, enabling UI-edited resources that should be controlled by gitops. Connected sources confirm this issue in Argo CD and link to fixes in versions 2.10.7, 2.9.12, and 2.8.16. Remediation is upgrading to one of th...

6.3 CVSS | 6.3 AI score | 0.00113 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2024/04/15 7:52 p.m. | 11 views

CVE-2024-31990 Argo CD's API server does not enforce project sourceNamespaces

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16...

4.8 CVSS | 5.2 AI score | 0.00113 EPSS
Exploits 0 | References 4

CNNVD
added 2024/04/15 12:0 a.m. | 1 views

Argo CD Security Vulnerability

Argo CD is a software application: a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g. configuration in the Git repository), automatically synchronizing and deploying...

6.3 CVSS | 5.4 AI score | 0.00113 EPSS
Exploits 0 | References 6

RedHat Linux
added 2024/04/10 12:41 p.m. | 41 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.1 security update

An update is now available for Red Hat OpenShift GitOps v1.12.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS | 6.6 AI score | 0.02176 EPSS
Exploits 2 | References 6