350 matches found
hays-london-azure-platform-2-poc
Hays London Azure Platform Engineer POC — AKS Operations & Pla...
Improper Authorization
github.com/redhat-developer/gitops-operator is vulnerable to improper authorization. The vulnerability is due to insufficient validation of ArgoCD Custom Resources created by namespace administrators, which allows an authenticated attacker to escalate privileges across namespaces and deploy...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.2 security update
Important: Red Hat OpenShift GitOps v1.19.2 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8874 CVE-2025-13465 openshift-gitops-1/console-plugin-rhel8: prototype pollution in .unset and .omit functions gitops-1.19 GITOPS-8993...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.4 security update
Important: Red Hat OpenShift GitOps v1.18.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8439 CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.5 security update
Important: Red Hat OpenShift GitOps v1.17.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8438 CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.1 security update
Important: Red Hat OpenShift GitOps v1.19.1 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8080 CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map gitops-1.19 GITOPS-8083 CVE-2025-58183...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update
Important: Red Hat OpenShift GitOps v1.17.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8231 CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.3 security update
Important: Red Hat OpenShift GitOps v1.18.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8239 CVE-2025-47913 openshift-gitops-1/gitops-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS gitops-1.1...
CVE-2022-38790
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...
CVE-2022-35976
The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or use...
CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...
CVE-2022-35975
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that ar...
SUSE CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
GO-2025-4242 OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources in github.com/redhat-developer/gitops-operator
OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources in github.com/redhat-developer/gitops-operator...
EUVD-2025-203383
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
GHSA-PCQX-8QWW-7F4V OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...