Veracode Vulnerability DatabaseVERACODE:36081Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
19.0%
github.com/argoproj/argo-cd is vulnerable to denial of service (DoS) attacks. A remote authenticated attacker with permission to deploy applications from a repository which contains a large file, is able to cause denial of service conditions due to an uncontrolled memory consumption bug.
References
github.com/advisories/GHSA-jhqp-vf4w-rpwq
github.com/argoproj/argo-cd/commit/58cccd526e74a380fb103395c9ab4978c5980257
github.com/argoproj/argo-cd/commit/7fb77d578d42862b1d0ff9bc1202b24f1af3338e
github.com/argoproj/argo-cd/commit/9d67469428d895b37fcb284e7a072cc01d8b3a99
github.com/argoproj/argo-cd/commit/a92a153a4909c928de6bddbc2ec5599c1824307a
github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
19.0%