Enhanced policy management with GitOps and Terraform
Wiz announces new GitOps workflows and Terraform provider, enabling customers to manage policies as code...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
CVE-2023-23947
Argo CD suffers an improper authorization vulnerability (CVE-2023-23947) affecting versions starting with 2.3.0-rc1 up to before 2.3.17, and including 2.4.23, 2.5.11, and 2.6.2. An attacker who can update at least one cluster secret can update any cluster secret, enabling privilege escalation or ...
ArgoCD security vulnerability
ArgoCD is a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state, e.g., configuration in a Git repository, automatically synchronizing and deploying...
CVE-2023-25163
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...
CVE-2023-25163 Argo CD leaks repository credentials in user-facing error messages and in logs
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...
CVE-2023-25163
CVE-2023-25163 affects Argo CD (kubernetes GitOps tool). All versions starting with v2.6.0-rc1 have an output sanitization bug that leaks repository access credentials in error messages, which are visible to users and logged. The vulnerability can be triggered when creating/updating an Applicatio...
CVE-2023-22482
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud...
Authorization
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...
CVE-2023-22736
CVE-2023-22736 affects Argo CD (GitOps for Kubernetes). Vulnerable when using versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and 2.6.0-rc4, with the apps-in-any-namespace feature enabled and sharding turned up (replicas increased) for the Application controller. The bug yields an aut...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2023-22482
A flaw was found in ArgoCD. GitOps is vulnerable to an improper authorization bug where the API may accept invalid tokens. Identity providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn't properly validate the audience clai...
CVE-2023-22736
A flaw was found in Red Hat GitOps, which is vulnerable to an authorization bypass in ArgoCD. This flaw allows users to deploy applications outside the allowed namespaces. The issue happens due to a logic error when interpreting the comma-separated namespaces list. To complete the attack, the...
CVE-2023-22482
Argo CD is affected by CVE-2023-22482: an improper authorization issue caused by failure to validate the audience (aud) claim in OIDC-signed tokens. Affected versions are Argo CD v1.8.2 and later until just before patches: 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3. The root cause is that Argo CD veri...
Information Disclosure
github.com/weaveworks/weave-gitops is vulnerable to Information Disclosure. The vulnerability exists due to missing encryption of data in gitops run which allows an attacker to gain access to sensitive data...
Workload Injection
github.com/weaveworks/weave-gitops is vulnerable to workload injection. The library uses an S3 bucket for synchronising files, with no security controls to block unauthorised access in its endpoint, which allows local users on the same machine to see and alter the bucket content...