Filters
Versions
2.2.0
10
2.3.0
9
2.4.0
9
1.8.0
5
2.8.0
4
1.5.0
3
2.2.9
3
2.3.4
3
2.5.0
3
2.6.0
3
2.6.0-rc1
3
2.6.0-rc2
3
2.6.0-rc3
3
2.6.0-rc4
3
0.5.0
2
0.7.0
2
1.3.0
2
2.10.0
2
2.11.0
2
2.3.0-rc1
2
2.3.0-rc2
2
2.3.0-rc4
2
2.3.0-rc5
2
2.7.0
2
0.11.0
1
0.6.1
1
1.0.0
1
1.4.0
1
1.4.2
1
1.7.0
1
1.8.2
1
2.1.12
1
2.10.0-rc1
1
2.2.7
1
2.3.1
1
2.6.0-rc5
1
2.6.0-rc6
1
2.6.0-rc7
1
2.6.13
1
2.7.11
1
2.9.0
1
2.9.3
1
go/github.com/argoproj/argo-cd/v2/serverUnauthenticated Access to sensitive settings in Argo CD
7.5
First published (updated )
go/github.com/argoproj/argo-cdArgo CD allows authenticated users to enumerate clusters by name
4.3
First published (updated )
go/github.com/argoproj/argo-cd/v2Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
8.4
EPSS
0.05%
First published (updated )
Linuxfoundation Argo-cdPath traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
First published (updated )
Linuxfoundation Argo Continuous DeliveryDenial of Service to Argo CD repo-server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/argoproj/argo-cdArgo CD web terminal session doesn't expire
7.1
First published (updated )
go/github.com/argoproj/argo-cd/v2Cluster secret might leak in cluster details page in Argo CD
9.9
First published (updated )
Linuxfoundation Argo Continuous DeliveryArgo CD leaks repository credentials in user-facing error messages and in logs
6.5
First published (updated )
Linuxfoundation Argo-cdArgo CD users with any cluster secret update access may update out-of-bounds cluster secrets
9.1
First published (updated )
Linuxfoundation Argo-cdargo-cd Controller reconciles apps outside configured namespaces when sharding is enabled
8.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Linuxfoundation Argo-cdJWT audience claim is not verified
9.1
First published (updated )
Linuxfoundation Argo-cdCross-site Scripting for Argo CD single sign on users
6.1
First published (updated )
Linuxfoundation Argo-cdArgo CD's certificate verification is skipped for connections to OIDC providers
9.6
First published (updated )
Linuxfoundation Argo-cdAll unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control …
First published (updated )
Linuxfoundation Argo-cdSymlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/argoproj/argo-cd/v2Argo CD vulnerable to Uncontrolled Memory Consumption
6.5
First published (updated )
Linuxfoundation Argo-cdExternal URLs for Deployments can include javascript in argo-cd
First published (updated )
go/github.com/argoproj/argo-cd/v2Insecure entropy in argo-cd
8.3
First published (updated )
Linuxfoundation Argo-cdArgo CD will blindly trust JWT claims if anonymous access is enabled
10
First published (updated )
Linuxfoundation Argo-cdArgo CD login screen allows message spoofing if SSO is enabled
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Linuxfoundation Argo-cdSymlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
4.3
First published (updated )
Linuxfoundation Argo-cdImproper access control allows admin privilege escalation in Argo CD
9.9
First published (updated )
Linuxfoundation Argo-cdPath traversal allows leaking out-of-bound files from Argo CD repo-server
6.8
First published (updated )
Linuxfoundation Argo-cdPath traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Linuxfoundation Argo-cdAny unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount …
6.5
First published (updated )
Linuxfoundation Argo Continuous DeliveryArgo CD leaked secret data into error messages and logs on invalid edits via UI
5.9
First published (updated )
Linuxfoundation Argo Continuous DeliveryCross-site Scripting (XSS)
4.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Linuxfoundation Argo Continuous DeliveryIn util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the use…
6.5
First published (updated )
go/github.com/argoproj/argo-cdAs of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with acc…
8.8
First published (updated )
go/github.com/argoproj/argo-cdAs of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, accoun…
7.5
First published (updated )
Linuxfoundation Argo Continuous DeliveryAs of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication t…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/argoproj/argo-cdFixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe…
5.3
First published (updated )