Lucene search

Argoproj Argo Cd

9 matches found

CVE • added 2024/07/22 6:15 p.m. • 256 views

CVE-2024-40634

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to servic...

CVSS 7.5 • AI score 7.5 • EPSS 0.00919

CVE • added 2022/03/23 9:15 p.m. • 166 views

CVE-2022-24730

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access ...

CVSS 7.7 • AI score 6.8 • EPSS 0.00265

CVE • added 2022/02/04 9:15 p.m. • 135 views

CVE-2022-24348

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

CVSS 7.7 • AI score 7.3 • EPSS 0.07175

CVE • added 2024/06/06 4:15 p.m. • 98 views

CVE-2024-37152

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11...

CVSS 7.5 • AI score 6 • EPSS 0.64036

CVE • added 2024/03/18 7:15 p.m. • 74 views

CVE-2024-21661

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue ari...

CVSS 7.5 • AI score 7.2 • EPSS 0.01551

CVE • added 2023/08/23 8:15 p.m. • 53 views

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforwa...

CVSS 7.1 • AI score 5.6 • EPSS 0.00124

CVE • added 2020/04/08 8:15 p.m. • 51 views

CVE-2020-8827

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.

CVSS 7.5 • AI score 7.6 • EPSS 0.00714

CVE • added 2021/03/15 3:15 p.m. • 37 views

CVE-2021-26923

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

CVSS 7.5 • AI score 7.4 • EPSS 0.00341

CVE • added 2020/04/08 8:15 p.m. • 32 views

CVE-2020-8826

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.

CVSS 7.5 • AI score 7.7 • EPSS 0.00468