Lucene search
K

120 matches found

NVD
NVD
added 2025/09/04 11:15 p.m.27 views

CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

9.9CVSS0.04518EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/04 10:37 p.m.30 views

CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

9.9CVSS0.04518EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/04 10:37 p.m.2 views

CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

9.9CVSS5.9AI score0.04518EPSS
Exploits1References2
OSV
OSV
added 2025/09/04 10:37 p.m.4 views

CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

9.9CVSS6.7AI score0.04518EPSS
Exploits1References4
CVE
CVE
added 2025/09/04 10:37 p.m.533 views

CVE-2025-55190

Argo CD vulnerability CVE-2025-55190: In multiple releases of Argo CD, API tokens with project-level permissions can retrieve sensitive repository credentials via the project details API endpoint, even when tokens lack explicit access to secrets. The issue affects versions 2.13.0–2.13.8, 2.14.0–2...

9.9CVSS6.2AI score0.04518EPSS
In wildExploits1References2Affected Software1
OSV
OSV
added 2025/09/04 7:49 p.m.13 views

GHSA-786Q-9HCG-V9FF Argo CD's Project API Token Exposes Repository Credentials

Summary Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. Component:...

9.9CVSS6.7AI score0.04518EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.6 views

Argo CD 信息泄露漏洞

Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. An information disclosure vulnerability exists in Argo CD that stems from a project-level permission API token that can retrieve sensitive repository credentials. The following versions are affected: versio...

9.9CVSS6.3AI score0.04518EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.4 views

PT-2025-36094

Name of the Vulnerable Software and Affected Versions Argo CD versions 2.13.0 through 2.13.8 Argo CD versions 2.14.0 through 2.14.15 Argo CD versions 3.0.0 through 3.0.12 Argo CD version 3.1.0-rc1 through 3.1.1 Description Argo CD, a declarative GitOps continuous delivery tool for Kubernetes,...

9.9CVSS7.5AI score0.04518EPSS
Exploits1References387
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.7 views

The vulnerability of the SDK plugin for Grafana’s monitoring and observation platform lies in the fact that authentication tokens are transmitted to certain target plugins. This allows a malicious actor to gain access to repository credentials.

The vulnerability of the SDK plugin for Grafana monitoring and observability lies in the fact that authentication tokens are transmitted to certain target plugins. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to repository credentials...

8.6CVSS5.9AI score0.00519EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-32690

Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...

8.6CVSS8.2AI score0.01395EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/02/08 10:37 p.m.43 views

Argo CD leaks repository credentials in user-facing error messages and in logs

Impact All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an...

6.5CVSS6.7AI score0.00843EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2022/05/07 12:0 a.m.61 views

Rancher Labs Rancher Information Disclosure Vulnerability

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, U.S. Rancher Labs Rancher is vulnerable to an information disclosure vulnerability that stems from exposing repository credentials to an external third-party source, which could be exploited ...

7.5CVSS1.7AI score0.00706EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/02 7:33 p.m.61 views

Exposure of repository credentials to external third-party sources in Rancher

Impact This issue only happens when the user configures access credentials to a private repository in Rancher inside Apps & Marketplace Repositories. It affects Rancher versions 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2. An insufficient check of the same-origin...

7.5CVSS7.3AI score0.00706EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.12 views

Rancher Labs Rancher 安全漏洞

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, U.S. Rancher Labs Rancher is vulnerable to an information disclosure vulnerability that stems from exposing repository credentials to an external third-party source, which could be exploited ...

7.5CVSS7.2AI score0.00706EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2021/09/27 7:0 a.m.3 views

Repository credentials passed to alternate domain

...

8.6CVSS7.7AI score0.01395EPSS
Exploits0
OSV
OSV
added 2021/06/23 6:14 p.m.48 views

GHSA-7JR6-PRV4-5WF5 Duplicate Advisory: Helm passes repository credentials to alternate domain

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-56hp-xqp3-w2jf. This link is maintained to preserve external references. Original Description Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6....

6.8CVSS8.4AI score0.01395EPSS
Exploits0References7
OSV
OSV
added 2021/06/23 6:14 p.m.25 views

GHSA-56HP-XQP3-W2JF Helm passes repository credentials to alternate domain

While working on the Helm source, a Helm core maintainer discovered a situation where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Impact The index.yaml within a Helm chart repository contains a...

8.6CVSS8.6AI score0.01395EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/06/16 10:10 p.m.34 views

CVE-2021-32690 Repository credentials passed to alternate domain

Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...

6.8CVSS8.7AI score0.01395EPSS
Exploits0References2
NVD
NVD
added 2014/03/01 12:55 a.m.23 views

CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...

2.6CVSS6.2AI score0.00799EPSS
Exploits0References4
Prion
Prion
added 2014/03/01 12:55 a.m.24 views

Design/Logic Flaw

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...

2.6CVSS6.7AI score0.00799EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder