Argo Cd@2.9.0 Security Vulnerabilities and Issues — Argo Cd@2.9.0 CVE List

Lucene search

ArgoprojArgo Cd2.9.0

10 matches found

CVE•added 2024/01/19 1:15 a.m.•384 views

CVE-2024-22424

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.1AI score0.00064EPSS

CVE•added 2024/03/18 6:15 p.m.•337 views

CVE-2024-21652

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute forc...

9.8CVSS8.5AI score0.00066EPSS

CVE•added 2024/05/21 7:15 p.m.•331 views

CVE-2024-31989

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster...

9CVSS8.9AI score0.06342EPSS

CVE•added 2024/04/15 8:15 p.m.•330 views

CVE-2024-31990

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.

6.3CVSS6.3AI score0.00113EPSS

CVE•added 2024/03/13 9:16 p.m.•305 views

CVE-2024-28175

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpat...

9CVSS8.4AI score0.00476EPSS

CVE•added 2024/03/18 7:15 p.m.•292 views

CVE-2024-21662

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined ...

9.1CVSS7.9AI score0.00714EPSS

CVE•added 2024/05/14 3:36 p.m.•284 views

CVE-2024-32476

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

6.5CVSS6.5AI score0.00437EPSS

CVE•added 2024/03/29 3:15 p.m.•282 views

CVE-2024-29893

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of ...

6.5CVSS6.5AI score0.00606EPSS

CVE•added 2024/03/13 9:15 p.m.•265 views

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it all...

6.4CVSS6.6AI score0.00024EPSS

CVE•added 2024/03/18 7:15 p.m.•77 views

CVE-2024-21661

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue ari...

7.5CVSS7.2AI score0.02181EPSS