7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
github.com/argoproj/argo-cd is vulnerable to Denial of Service (DoS). The vulnerability is due to unsafe manipulation of an array in a multi-threaded environment. When two threads interact with the same array simultaneously this flaw can potentially leads to an application crash.
github.com/argoproj/argo-cd/blob/54601c8fd30b86a4c4b7eb449956264372c8bde0/util/session/sessionmanager.go#L302-L311
github.com/argoproj/argo-cd/commit/2a22e19e06aaf6a1e734443043310a66c234e345
github.com/argoproj/argo-cd/commit/5bbb51ab423f273dda74ab956469843d2db2e208
github.com/argoproj/argo-cd/commit/ce04dc5c6f6e92033221ec6d96b74403b065ca8b
github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%