Argo Cd@* Security Vulnerabilities and Issues — Argo Cd@* CVE List

Lucene search

ArgoprojArgo Cd*

14 matches found

CVE•added 2024/01/19 1:15 a.m.•325 views

CVE-2024-22424

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.1AI score0.00064EPSS

CVE•added 2024/03/18 6:15 p.m.•279 views

CVE-2024-21652

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute forc...

9.8CVSS8.5AI score0.00063EPSS

CVE•added 2024/05/21 7:15 p.m.•271 views

CVE-2024-31989

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster...

9CVSS8.9AI score0.06184EPSS

CVE•added 2024/04/15 8:15 p.m.•271 views

CVE-2024-31990

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.

6.3CVSS6.3AI score0.00113EPSS

CVE•added 2024/07/22 6:15 p.m.•255 views

CVE-2024-40634

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to servic...

7.5CVSS7.5AI score0.00919EPSS

CVE•added 2024/03/13 9:16 p.m.•248 views

CVE-2024-28175

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpat...

9CVSS8.4AI score0.00351EPSS

CVE•added 2024/03/18 7:15 p.m.•235 views

CVE-2024-21662

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined ...

9.1CVSS7.9AI score0.00714EPSS

CVE•added 2024/05/14 3:36 p.m.•226 views

CVE-2024-32476

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

6.5CVSS6.5AI score0.00437EPSS

CVE•added 2024/03/29 3:15 p.m.•223 views

CVE-2024-29893

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of ...

6.5CVSS6.5AI score0.00606EPSS

CVE•added 2024/07/24 6:15 p.m.•223 views

CVE-2024-41666

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to th...

6.5CVSS4.6AI score0.00048EPSS

CVE•added 2024/03/13 9:15 p.m.•208 views

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it all...

6.4CVSS6.6AI score0.00024EPSS

CVE•added 2024/06/06 4:15 p.m.•98 views

CVE-2024-37152

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11...

7.5CVSS6AI score0.64036EPSS

CVE•added 2024/03/18 7:15 p.m.•74 views

CVE-2024-21661

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue ari...

7.5CVSS7.2AI score0.01551EPSS

CVE•added 2024/06/06 3:15 p.m.•44 views

CVE-2024-36106

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This ...

4.3CVSS4.2AI score0.00472EPSS