Argo-cd@* Security Vulnerabilities and Issues — Argo-cd@* CVE List

Lucene search

LinuxfoundationArgo-cd*

3 matches found

CVE•added 2024/01/19 1:15 a.m.•333 views

CVE-2024-22424

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.1AI score0.00064EPSS

CVE•added 2024/03/18 7:15 p.m.•243 views

CVE-2024-21662

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined ...

9.1CVSS7.9AI score0.00714EPSS

CVE•added 2024/06/06 4:15 p.m.•99 views

CVE-2024-37152

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11...

7.5CVSS6AI score0.60445EPSS