Recently modified medium severity vulnerabilities for vendor "argoproj"

go/github.com/argoproj/argo-cd/v2Argo CD' API server does not enforce project sourceNamespaces

medium

6.3

EPSS

0.04%

First published (updated )

CVE-2024-31990

go/github.com/argoproj/argo-cd/v2Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-29893

Argo CDArgo CD leaks repository credentials in user-facing error messages and in logs

medium

6.5

First published (updated )

CVE-2023-25163

go/github.com/argoproj/argo-cd/v2Denial of Service via malicious jqPathExpressions in ignoreDifferences

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-32476

go/github.com/argoproj/argo-cd/v2The Argo CD web terminal session does not handle the revocation of user permissions properly.

medium

6.5

First published (updated )

CVE-2024-41666

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Argo CDDenial of Service to Argo CD repo-server

medium

6.5

First published (updated )

CVE-2023-40584

go/github.com/argoproj/argo-cd/v2Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

medium

5

First published (updated )

CVE-2023-40026

Argo CDCross-site Scripting (XSS)

medium

4.8

First published (updated )

CVE-2021-23347

Argo CDArgo CD leaked secret data into error messages and logs on invalid edits via UI

medium

5.9

First published (updated )

CVE-2021-23135

go/github.com/argoproj/argo-cdArgo CD allows authenticated users to enumerate clusters by name

medium

4.3

First published (updated )

CVE-2024-36106

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Argo CDPath traversal allows leaking out-of-bound files from Argo CD repo-server

medium

6.8

First published (updated )

CVE-2022-24731

Argo CDFixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe…

medium

5.3

First published (updated )

CVE-2020-11576

Argo CDIn util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the use…

medium

6.5

First published (updated )

CVE-2021-26921

redhat/argocdAny unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount …

medium

6.5

First published (updated )

CVE-2021-3557

Argo CDXSS

medium

6.1

First published (updated )

CVE-2021-26924

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Argo CDInfoleak

medium

6.5

First published (updated )

CVE-2018-21034

go/github.com/argoproj/argo-cd/v2Argo CD vulnerable to Uncontrolled Memory Consumption

medium

6.5

First published (updated )

CVE-2022-31016

Argo CDSymlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

medium

4.3

First published (updated )

CVE-2022-24904

Argo CDArgo CD login screen allows message spoofing if SSO is enabled

medium

4.3

First published (updated )

CVE-2022-24905

Argo CDSymlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

medium

4.3

First published (updated )

CVE-2022-31036

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Argo CDCross-site Scripting for Argo CD single sign on users

medium

6.1

First published (updated )

CVE-2022-31102

Trending

go/github.com/argoproj/argo-cd/v2Argo CD' API server does not enforce project sourceNamespaces

go/github.com/argoproj/argo-cd/v2Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server

Argo CDArgo CD leaks repository credentials in user-facing error messages and in logs

go/github.com/argoproj/argo-cd/v2Denial of Service via malicious jqPathExpressions in ignoreDifferences

go/github.com/argoproj/argo-cd/v2The Argo CD web terminal session does not handle the revocation of user permissions properly.

Never miss a vulnerability like this again

Argo CDDenial of Service to Argo CD repo-server

go/github.com/argoproj/argo-cd/v2Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

Argo CDCross-site Scripting (XSS)

Argo CDArgo CD leaked secret data into error messages and logs on invalid edits via UI

go/github.com/argoproj/argo-cdArgo CD allows authenticated users to enumerate clusters by name

Never miss a vulnerability like this again

Argo CDPath traversal allows leaking out-of-bound files from Argo CD repo-server

Argo CDFixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe…

Argo CDIn util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the use…

redhat/argocdAny unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount …

Argo CDXSS

Never miss a vulnerability like this again

Argo CDInfoleak

go/github.com/argoproj/argo-cd/v2Argo CD vulnerable to Uncontrolled Memory Consumption

Argo CDSymlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server

Argo CDArgo CD login screen allows message spoofing if SSO is enabled

Argo CDSymlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Never miss a vulnerability like this again

Argo CDCross-site Scripting for Argo CD single sign on users

Company

Resources

Contact