32 matches found
EUVD-2023-2501
Malicious code in bioql PyPI...
EUVD-2024-0949
Malicious code in bioql PyPI...
GO-2022-0453 Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2022-0358 Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2022-0357 Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2023-2085 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2023-2050 Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd...
argo-cd: uncontrolled memory allocation vulnerability
The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex function in the ArgoCD's helm package does not limit the size or time...
GHSA-JHWX-MHWW-RGC3 ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...
CVE-2024-29893
The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex function in the ArgoCD's helm package does not limit the size or time...
Path Traversal
github.com/argoproj/argo-cd/v2 is vulnerable to Path Traversal. The vulnerability is caused by a missing validation check in the repo server API that prevents file traversal attacks. This can lead to an attacker leaking values or files from the referenced Helm Chart by using a...
CVE-2023-40026
A flaw was found in Argo CD. For any version using Helm, using a specially crafted Helm file could reference external Helm charts handled by the same repo-server to leak values or files from the referenced Helm Chart. This issue is possible because the Helm paths were predictable. Mitigation...
CVE-2023-40026 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 starting at least in v0.1.0, but likely in any version using Helm before 2.3, using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to le...
GHSA-6JQW-JWF5-RP8H Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Impact In Argo CD versions prior to 2.3 starting at least in v0.1.0, but likely in any version using Helm before 2.3, using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was...
PT-2023-27220 · Argo CD · Argo CD
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.3 Description: Argo CD is a declarative continuous deployment framework for Kubernetes. The issue allows an attacker to reference external Helm charts handled by the same repo-server to leak values or files from th...
Argo CD repo-server Denial of Service vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious,...
CVE-2023-40584
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating...
CVE-2023-40584 Denial of Service to Argo CD repo-server
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating...
PT-2023-5115 · Argo CD · Argo CD
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.4 through 2.6.14 Argo CD versions 2.7 through 2.7.13 Argo CD versions 2.8 through 2.8.2 Description: The Argo CD repo-server component is vulnerable to a Denial-of-Service attack vector. This vulnerability occurs because th...
CVE-2022-31036 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user...