2 matches found
GHSA-WP4P-9PXH-CGX2 argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload
Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.gogs.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process whe...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...