15 matches found

OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 3 views

Malicious code in process-fornax-local-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f3220f679eb62fd137d7337ff1fea5b4a82a683412b487acdc28e5e9e26e04b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-123371

Malicious code in process-fornax-local-sync npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0926

Malicious code in bioql PyPI...

6.4 CVSS, 6.7 AI score, 0.00024 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2024/04/10 12:21 p.m., 56 views

Important: Red Hat Security Advisory: GitOps 1.12.1- Argo CD CLI and MicroShift GitOps security update

An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

9.8 CVSS, 6.6 AI score, 0.02176 EPSS
Exploits: 2, References: 7
RedHat Linux
added 2024/04/08 4:37 p.m., 25 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.4 security update

An update is now available for Red Hat OpenShift GitOps v1.10.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS, 6.6 AI score, 0.02176 EPSS
Exploits: 2, References: 8
RedHat Linux
added 2024/04/08 1:36 p.m., 35 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.3 security update

An update is now available for Red Hat OpenShift GitOps v1.11.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS, 6.6 AI score, 0.02176 EPSS
Exploits: 2, References: 8
OSV
added 2024/03/15 4:33 p.m., 18 views

GHSA-G623-JCGG-MHMM Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

6.4 CVSS, 6.5 AI score, 0.00024 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2024/03/15 4:33 p.m., 37 views

Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

6.4 CVSS, 7.1 AI score, 0.00024 EPSS
Exploits: 0, References: 5, Affected Software: 2
OSV
added 2024/03/15 7:17 a.m., 18 views

BIT-ARGO-CD-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4 CVSS, 6.6 AI score, 0.00024 EPSS
Exploits: 0, References: 4
Prion
added 2024/03/13 9:15 p.m., 18 views

Input validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

5.5 CVSS, 7 AI score, 0.00024 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/03/13 8:50 p.m., 13 views

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4 CVSS, 6.4 AI score, 0.00024 EPSS
Exploits: 0, References: 3
CVE
added 2024/03/13 8:50 p.m., 283 views

CVE-2023-50726

CVE-2023-50726 affects Argo CD’s Local Sync feature, which lets developers override an application's manifests with locally-defined ones. An improper validation bug allows users with create, but not override, privileges to sync local manifests during app creation, bypassing git/Helm/OCI source re...

6.4 CVSS, 6.6 AI score, 0.00024 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2024/03/13 8:50 p.m., 25 views

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4 CVSS, 6.6 AI score, 0.00024 EPSS
Exploits: 0, References: 3
CNNVD
added 2024/03/13 12:0 a.m., 3 views

Argo CD Security Vulnerability

Argo CD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

6.4 CVSS, 7 AI score, 0.00024 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2024/03/13 12:0 a.m., 2 views

PT-2024-2562 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.2.0-rc1 through 2.10.2 Argo CD versions 1.2.0-rc1 through 2.9.7 Argo CD versions 1.2.0-rc1 through 2.8.11 Description: The issue is related to improper validation in Argo CD, a declarative, GitOps continuous delivery tool f...

6.4 CVSS, 7.3 AI score, 0.00024 EPSS
Exploits: 0, References: 14