8 matches found
SUSE CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Impact A bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty Bearer token value, regardless of validity. This vulnerability did allow for exfiltration of...
GHSA-W5WV-WVRP-V5M5 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Impact A bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty Bearer token value, regardless of validity. This vulnerability did allow for exfiltration of...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
PT-2026-5025
Name of the Vulnerable Software and Affected Versions Kargo versions prior to 1.8.7 Kargo versions prior to 1.7.7 Kargo versions prior to 1.6.3 Description Kargo is a tool for managing and automating the promotion of software artifacts. A flaw in authentication checks on the GetConfig API endpoin...