Argo Cd Security Vulnerabilities and Issues — Argo Cd CVE List

Lucene search

ArgoprojArgo Cd

15 matches found

CVE•added 2022/07/12 10:15 p.m.•694 views

CVE-2022-31105

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OID...

9.6CVSS8.6AI score0.00241EPSS

CVE•added 2022/05/20 3:15 p.m.•664 views

CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including ...

10CVSS9.7AI score0.00176EPSS

CVE•added 2022/06/27 7:15 p.m.•562 views

CVE-2022-31034

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in paramet...

8.3CVSS8.2AI score0.00397EPSS

CVE•added 2022/06/27 7:15 p.m.•558 views

CVE-2022-31035

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the...

9CVSS5.8AI score0.00654EPSS

CVE•added 2022/07/12 10:15 p.m.•500 views

CVE-2022-31102

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This vu...

6.1CVSS5AI score0.00337EPSS

CVE•added 2022/07/12 9:15 p.m.•253 views

CVE-2022-1025

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

9CVSS8.6AI score0.00304EPSS

CVE•added 2022/03/23 9:15 p.m.•170 views

CVE-2022-24730

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access ...

7.7CVSS6.8AI score0.0028EPSS

Web

CVE•added 2022/03/23 9:15 p.m.•165 views

CVE-2022-24731

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-se...

6.8CVSS5.3AI score0.0029EPSS

CVE•added 2022/02/04 9:15 p.m.•140 views

CVE-2022-24348

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

7.7CVSS7.3AI score0.03447EPSS

CVE•added 2022/05/20 2:15 p.m.•127 views

CVE-2022-24904

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-se...

4.3CVSS4.8AI score0.0031EPSS

CVE•added 2022/06/27 8:15 p.m.•121 views

CVE-2022-31036

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user w...

4.3CVSS4.7AI score0.00248EPSS

CVE•added 2022/03/23 10:15 p.m.•109 views

CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0...

9.9CVSS8.7AI score0.00396EPSS

CVE•added 2022/05/20 2:15 p.m.•106 views

CVE-2022-24905

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to exploit this vulnerability,...

4.3CVSS4.5AI score0.00392EPSS

CVE•added 2022/06/25 8:15 a.m.•106 views

CVE-2022-31016

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated ...

6.5CVSS6.4AI score0.0039EPSS

CVE•added 2022/02/16 5:15 p.m.•64 views

CVE-2021-3557

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest thre...

6.5CVSS6.3AI score0.00182EPSS