Argoproj Argo Cd

15 matches found

CVE
added 2022/07/12 10:15 p.m. | 498 views

CVE-2022-31102

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This vu...

CVSS 6.1 | AI score 5 | EPSS 0.00337

CVE
added 2024/04/15 8:15 p.m. | 272 views

CVE-2024-31990

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16.

CVSS 6.3 | AI score 6.3 | EPSS 0.00113

CVE
added 2024/05/14 3:36 p.m. | 227 views

CVE-2024-32476

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

CVSS 6.5 | AI score 6.5 | EPSS 0.00437

CVE
added 2024/03/29 3:15 p.m. | 224 views

CVE-2024-29893

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00606

CVE
added 2024/07/24 6:15 p.m. | 224 views

CVE-2024-41666

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to th...

CVSS 6.5 | AI score 4.6 | EPSS 0.00048

CVE
added 2025/01/30 4:15 p.m. | 223 views

CVE-2025-23216

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write ac...

CVSS 6.8 | AI score 6.4 | EPSS 0.00057

CVE
added 2024/03/13 9:15 p.m. | 209 views

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it all...

CVSS 6.4 | AI score 6.6 | EPSS 0.00024

CVE
added 2022/03/23 9:15 p.m. | 161 views

CVE-2022-24731

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-se...

CVSS 6.8 | AI score 5.3 | EPSS 0.00275

CVE
added 2022/06/25 8:15 a.m. | 102 views

CVE-2022-31016

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00301

CVE
added 2023/02/08 9:15 p.m. | 68 views

CVE-2023-25163

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error messag...

CVSS 6.5 | AI score 6.6 | EPSS 0.00703

CVE
added 2022/02/16 5:15 p.m. | 61 views

CVE-2021-3557

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest thre...

CVSS 6.5 | AI score 6.3 | EPSS 0.00173

CVE
added 2021/02/09 3:15 p.m. | 45 views

CVE-2021-26921

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.

CVSS 6.5 | AI score 6.3 | EPSS 0.00242

CVE
added 2020/04/09 5:15 p.m. | 43 views

CVE-2018-21034

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.

CVSS 6.5 | AI score 6.2 | EPSS 0.00884

CVE
added 2021/03/15 3:15 p.m. | 43 views

CVE-2021-26924

An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.

CVSS 6.1 | AI score 5.9 | EPSS 0.0024

CVE
added 2023/09/07 11:15 p.m. | 41 views

CVE-2023-40584

Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating t...

CVSS 6.5 | AI score 6.4 | EPSS 0.00391