3 matches found
CVE-2022-31105
Argo CD versions 0.4.0–2.2.11, 2.3.6–2.4.5 are affected by improper certificate validation when connecting to OIDC providers, which risks Argo CD trusting a malicious provider. Patches were released in 2.2.11, 2.3.6, and 2.4.5. Upgrading to these patched releases (or newer) is the recommended fix. A parti...
CVE-2024-22424
CVE-2024-22424 affects Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 (and related 2.7.16 per some advisories). The root cause is failure to validate that requests carry the correct content type, allowing bypass of browser CORS preflight checks and enabling CSRF via cross-origin...
CVE-2022-41354
CVE-2022-41354 concerns an information-disclosure vulnerability in Argo CD where an access-control flaw allows unauthenticated/unauthorized access to enumerate existing applications via the API. Affected: Argo CD before patches (notably v2.4.12 and earlier). Root cause: RBAC checks occur after fe...