Latest medium severity vulnerabilities for vendor "argoproj"

go/github.com/argoproj/argo-cd/v2The Argo CD web terminal session does not handle the revocation of user permissions properly.

medium

6.5

First published (updated )

CVE-2024-41666

go/github.com/argoproj/argo-cdArgo CD allows authenticated users to enumerate clusters by name

medium

4.3

First published (updated )

CVE-2024-36106

go/github.com/argoproj/argo-cd/v2Denial of Service via malicious jqPathExpressions in ignoreDifferences

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-32476

go/github.com/argoproj/argo-cd/v2Argo CD' API server does not enforce project sourceNamespaces

medium

6.3

EPSS

0.04%

First published (updated )

CVE-2024-31990

go/github.com/argoproj/argo-cd/v2Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-29893

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

go/github.com/argoproj/argo-cd/v2Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

medium

5

First published (updated )

CVE-2023-40026

Argo CDDenial of Service to Argo CD repo-server

medium

6.5

First published (updated )

CVE-2023-40584

Argo CDArgo CD leaks repository credentials in user-facing error messages and in logs

medium

6.5

First published (updated )

CVE-2023-25163

Argo CDCross-site Scripting for Argo CD single sign on users

medium

6.1

First published (updated )

CVE-2022-31102

Argo CDSymlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

medium

4.3

First published (updated )

CVE-2022-31036

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

go/github.com/argoproj/argo-cd/v2Argo CD vulnerable to Uncontrolled Memory Consumption

medium

6.5

First published (updated )

CVE-2022-31016

Argo CDArgo CD login screen allows message spoofing if SSO is enabled

medium

4.3

First published (updated )

CVE-2022-24905

Argo CDSymlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

medium

4.3

First published (updated )

CVE-2022-24904

Argo CDPath traversal allows leaking out-of-bound files from Argo CD repo-server

medium

6.8

First published (updated )

CVE-2022-24731

redhat/argocdAny unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount …

medium

6.5

First published (updated )

CVE-2021-3557

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Argo CDArgo CD leaked secret data into error messages and logs on invalid edits via UI

medium

5.9

First published (updated )

CVE-2021-23135

Argo CDXSS

medium

6.1

First published (updated )

CVE-2021-26924

Argo CDCross-site Scripting (XSS)

medium

4.8

First published (updated )

CVE-2021-23347

Argo CDIn util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the use…

medium

6.5

First published (updated )

CVE-2021-26921

Argo CDInfoleak

medium

6.5

First published (updated )

CVE-2018-21034

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Argo CDFixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe…

medium

5.3

First published (updated )

CVE-2020-11576

Trending

go/github.com/argoproj/argo-cd/v2The Argo CD web terminal session does not handle the revocation of user permissions properly.

go/github.com/argoproj/argo-cdArgo CD allows authenticated users to enumerate clusters by name

go/github.com/argoproj/argo-cd/v2Denial of Service via malicious jqPathExpressions in ignoreDifferences

go/github.com/argoproj/argo-cd/v2Argo CD' API server does not enforce project sourceNamespaces

go/github.com/argoproj/argo-cd/v2Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

Never miss a vulnerability like this again

go/github.com/argoproj/argo-cd/v2Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

Argo CDDenial of Service to Argo CD repo-server

Argo CDArgo CD leaks repository credentials in user-facing error messages and in logs

Argo CDCross-site Scripting for Argo CD single sign on users

Argo CDSymlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Never miss a vulnerability like this again

go/github.com/argoproj/argo-cd/v2Argo CD vulnerable to Uncontrolled Memory Consumption

Argo CDArgo CD login screen allows message spoofing if SSO is enabled

Argo CDSymlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

Argo CDPath traversal allows leaking out-of-bound files from Argo CD repo-server

redhat/argocdAny unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount …

Never miss a vulnerability like this again

Argo CDArgo CD leaked secret data into error messages and logs on invalid edits via UI

Argo CDXSS

Argo CDCross-site Scripting (XSS)

Argo CDIn util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the use…

Argo CDInfoleak

Never miss a vulnerability like this again

Argo CDFixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe…

Company

Resources

Contact