Lucene search

8 matches found

CVE
added 2023/09/07 11:15 p.m., 2513 views

CVE-2023-40029

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in kubectl.kubernetes.io/last-applied-configuration annotation. Pull request #7139 introduced the ability t...

CVSS 9.9, AI score 9.2, EPSS 0.00691

CVE
added 2023/01/26 9:18 p.m., 93 views

CVE-2023-22482

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud (audi...

CVSS 9, AI score 8.6, EPSS 0.00145

CVE
added 2023/02/16 6:15 p.m., 82 views

CVE-2023-23947

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to updat...

CVSS 9.1, AI score 8.9, EPSS 0.00163

CVE
added 2023/01/26 9:18 p.m., 79 views

CVE-2023-22736

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed name...

CVSS 8.5, AI score 8.1, EPSS 0.00025

CVE
added 2023/09/27 9:15 p.m., 76 views

CVE-2023-40026

Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to le...

CVSS 5, AI score 4.5, EPSS 0.00214

CVE
added 2023/02/08 9:15 p.m., 68 views

CVE-2023-25163

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error messag...

CVSS 6.5, AI score 6.6, EPSS 0.00703

CVE
added 2023/08/23 8:15 p.m., 53 views

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforwa...

CVSS 7.1, AI score 5.6, EPSS 0.00124

CVE
added 2023/09/07 11:15 p.m., 41 views

CVE-2023-40584

Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating t...

CVSS 6.5, AI score 6.4, EPSS 0.00183