Note: This project will be discontinued after December 13, 2021.
Product: Argo-Cd (Linuxfoundation)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-07-12 | CVE-2022-31105 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use... | Argo_cd, Argo-Cd | 9.6 | ||
2023-03-27 | CVE-2022-41354 | An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. | Argo-Cd | 4.3 | ||
2024-01-19 | CVE-2024-22424 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 is vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could... | Argo_cd, Argo-Cd | 8.3 | ||