First published: Mon Mar 27 2023
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linuxfoundation Argo-cd | >=0.5.0<2.4.28 | |
Linuxfoundation Argo-cd | >=2.5.0<2.5.16 | |
Linuxfoundation Argo-cd | >=2.6.0<2.6.7 | |
The severity of CVE-2022-41354 is medium (4.3).
CVE-2022-41354 allows unauthenticated attackers to enumerate existing applications in Argo CD v2.4.12 and below.
Argo CD versions from 0.5.0 up to but not including 2.4.28, from 2.5.0 up to but not including 2.5.16, and from 2.6.0 up to but not including 2.6.7 are affected by CVE-2022-41354.
To fix CVE-2022-41354 in Argo CD, update to a version that is not affected by the vulnerability.
You can find more information about CVE-2022-41354 on the Argo CD website and the GitHub security advisories page.