Filters

go/github.com/argoproj/argo-cd/v2/serverUnauthenticated Access to sensitive settings in Argo CD

7.5
First published (updated )

go/github.com/argoproj/argo-cdArgo CD allows authenticated users to enumerate clusters by name

First published (updated )

go/github.com/argoproj/argo-cd/v2Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd

8.4
EPSS
0.05%
First published (updated )

Linuxfoundation Argo-cdPath traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

First published (updated )

Linuxfoundation Argo Continuous DeliveryDenial of Service to Argo CD repo-server

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/argoproj/argo-cdArgo CD web terminal session doesn't expire

7.1
First published (updated )

go/github.com/argoproj/argo-cd/v2Cluster secret might leak in cluster details page in Argo CD

First published (updated )

Linuxfoundation Argo Continuous DeliveryArgo CD leaks repository credentials in user-facing error messages and in logs

First published (updated )

Linuxfoundation Argo-cdArgo CD users with any cluster secret update access may update out-of-bounds cluster secrets

First published (updated )

Linuxfoundation Argo-cdargo-cd Controller reconciles apps outside configured namespaces when sharding is enabled

8.6
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Linuxfoundation Argo-cdJWT audience claim is not verified

First published (updated )

Linuxfoundation Argo-cdCross-site Scripting for Argo CD single sign on users

First published (updated )

Linuxfoundation Argo-cdArgo CD's certificate verification is skipped for connections to OIDC providers

First published (updated )

Linuxfoundation Argo-cdAll unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control …

First published (updated )

Linuxfoundation Argo-cdSymlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/argoproj/argo-cd/v2Argo CD vulnerable to Uncontrolled Memory Consumption

First published (updated )

Linuxfoundation Argo-cdExternal URLs for Deployments can include javascript in argo-cd

First published (updated )

go/github.com/argoproj/argo-cd/v2Insecure entropy in argo-cd

8.3
First published (updated )

Linuxfoundation Argo-cdArgo CD will blindly trust JWT claims if anonymous access is enabled

First published (updated )

Linuxfoundation Argo-cdArgo CD login screen allows message spoofing if SSO is enabled

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Linuxfoundation Argo-cdSymlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

First published (updated )

Linuxfoundation Argo-cdImproper access control allows admin privilege escalation in Argo CD

First published (updated )

Linuxfoundation Argo-cdPath traversal allows leaking out-of-bound files from Argo CD repo-server

First published (updated )

Linuxfoundation Argo-cdPath traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server

7.7
First published (updated )

Linuxfoundation Argo-cdPath Traversal, Infoleak

7.7
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Linuxfoundation Argo-cdAny unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount …

First published (updated )

Linuxfoundation Argo Continuous DeliveryArgo CD leaked secret data into error messages and logs on invalid edits via UI

First published (updated )

Linuxfoundation Argo-cdXSS

First published (updated )

Linuxfoundation Argo-cdInfoleak

7.5
First published (updated )

Linuxfoundation Argo Continuous DeliveryCross-site Scripting (XSS)

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Linuxfoundation Argo Continuous DeliveryIn util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the use…

First published (updated )

go/github.com/argoproj/argo-cdInfoleak

First published (updated )

go/github.com/argoproj/argo-cdAs of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with acc…

8.8
First published (updated )

go/github.com/argoproj/argo-cdAs of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, accoun…

7.5
First published (updated )

Linuxfoundation Argo Continuous DeliveryAs of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication t…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/argoproj/argo-cdFixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe…

First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203