Argo Cd@2.6.0 Security Vulnerabilities and Issues — Argo Cd@2.6.0 CVE List

Lucene search

ArgoprojArgo Cd2.6.0

3 matches found

CVE•added 2023/01/26 9:18 p.m.•93 views

CVE-2023-22482

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud (audi...

9CVSS8.6AI score0.00249EPSS

CVE•added 2023/01/26 9:18 p.m.•79 views

CVE-2023-22736

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed name...

8.5CVSS8.1AI score0.00028EPSS

CVE•added 2023/02/08 9:15 p.m.•68 views

CVE-2023-25163

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error messag...

6.5CVSS6.6AI score0.00703EPSS