CVE-2022-24731 Path traversal allows leaking out-of-bound files from Argo CD repo-server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's...
CVE-2022-24730 Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository acces...
CVE-2022-24730
Summary of CVE-2022-24730 (Argo CD): A path traversal combined with improper access control affects Argo CD versions before 2.1.11, 2.2.6, and 2.3.0. A user with read-only repository access and appropriate repository grant (e.g., get on a repo containing a Helm chart) can craft a request to /api...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.3 on OCP 4.7-4.9. GitOps v1.3.4. Red Hat Product Security has rated this update as...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.2. GitOps v1.2.2. Red Hat Product Security has rated this update as having a securit...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
CVE-2022-24348
A flaw was found in GitOps. This flaw allows an attacker with permissions to create or update applications in ArgoCD to craft a malicious helm chart that contains symbolic links pointing to arbitrary paths outside the repository root folder, leading to a path traversal issue. This issue enables t...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Red Hat OpenShift GitOps authorization issue vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift GitOps suffers from an authorization issue vulnerability that stems from argocd: ServiceAccount argocd-argocd-server...