15 matches found

CVE-2024-21652 (added 2024/03/18 6:15 p.m.)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute forc...

CVSS 9.8 | AI score 8.5 | EPSS 0.00066
CVE-2024-31989 (added 2024/05/21 7:15 p.m.)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster...

CVSS 9 | AI score 8.9 | EPSS 0.06184
CVE-2024-21662 (added 2024/03/18 7:15 p.m.)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined ...

CVSS 9.1 | AI score 7.9 | EPSS 0.00714
CVE-2025-23216 (added 2025/01/30 4:15 p.m.)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write ac...

CVSS 6.8 | AI score 6.4 | EPSS 0.00072
CVE-2022-24348 (added 2022/02/04 9:15 p.m.)

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

CVSS 7.7 | AI score 7.3 | EPSS 0.03447
CVE-2024-21661 (added 2024/03/18 7:15 p.m.)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue ari...

CVSS 7.5 | AI score 7.2 | EPSS 0.02181
CVE-2023-40026 (added 2023/09/27 9:15 p.m.)

Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to le...

CVSS 5 | AI score 4.5 | EPSS 0.00214
CVE-2021-3557 (added 2022/02/16 5:15 p.m.)

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest thre...

CVSS 6.5 | AI score 6.3 | EPSS 0.00182
CVE-2020-8827 (added 2020/04/08 8:15 p.m.)

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.

CVSS 7.5 | AI score 7.6 | EPSS 0.00714
CVE-2020-8828 (added 2020/04/08 8:15 p.m.)

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept...

CVSS 8.8 | AI score 8.6 | EPSS 0.00429
CVE-2021-26921 (added 2021/02/09 3:15 p.m.)

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.

CVSS 6.5 | AI score 6.3 | EPSS 0.00242
CVE-2021-23347 (added 2021/03/03 10:15 a.m.)

The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.

CVSS 4.8 | AI score 4.5 | EPSS 0.00323
CVE-2021-26924 (added 2021/03/15 3:15 p.m.)

An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.

CVSS 6.1 | AI score 5.9 | EPSS 0.0024
CVE-2024-36106 (added 2024/06/06 3:15 p.m.)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This ...

CVSS 4.3 | AI score 4.2 | EPSS 0.00472
CVE-2021-26923 (added 2021/03/15 3:15 p.m.)

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

CVSS 7.5 | AI score 7.4 | EPSS 0.00544