Important: Red Hat Security Advisory: GitOps 1.12.1- Argo CD CLI and MicroShift GitOps security update

An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

RHEL 8 / 9 : GitOps 1.12.1- Argo CD CLI and MicroShift GitOps (RHSA-2024:1752)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1752 advisory. Errata Advisory for Red Hat OpenShift GitOps v1.12.1- Argo CD CLI and MicroShift GitOps. Security Fixes: argo-cd: Denial of Service Due ...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.4 security update

An update is now available for Red Hat OpenShift GitOps v1.10.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

BIT-ARGO-CD-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...

BIT-ARGO-CD-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVE-2024-21662

CVE-2024-21662 (Argo CD) is a brute-force protection bypass caused by a weak cache-based login attempt tracker. The vulnerability centers on a per-user login attempt cache capped at 1000 entries (defaultMaxCacheSize). An attacker can overload the cache with login attempts for many users, causing ...

CVE-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVE-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVE-2024-21661

CVE-2024-21661 affects Argo CD. A DoS can be triggered by unsafe concurrent modification of an array in a multi‑threaded environment, with authentication not required. The issue causes crashes when two threads access the same array, rendering the service unavailable for all users. Affected releas...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

GHSA-G623-JCGG-MHMM Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

BIT-ARGO-CD-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

BIT-ARGO-CD-2024-28175 Cross-site scripting on application summary component in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

Cross site scripting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

Input validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

CVE-2023-50726

CVE-2023-50726 affects Argo CD’s Local Sync feature, which lets developers override an application's manifests with locally-defined ones. An improper validation bug allows users with create, but not override, privileges to sync local manifests during app creation, bypassing git/Helm/OCI source re...