CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2022-41354 – ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API
https://notcve.org/view.php?id=CVE-2022-41354
24 Mar 2023 — An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges. An update is ... • http://argo.com • CWE-203: Observable Discrepancy •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22482 – JWT audience claim is not verified
https://notcve.org/view.php?id=CVE-2023-22482
25 Jan 2023 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token wa... • https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc • CWE-863: Incorrect Authorization •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31105 – Argo CD's certificate verification is skipped for connections to OIDC providers
https://notcve.org/view.php?id=CVE-2022-31105
12 Jul 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC ... • https://github.com/argoproj/argo-cd/releases/tag/v2.3.6 • CWE-295: Improper Certificate Validation CWE-599: Missing Validation of OpenSSL Certificate •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31016 – Argo CD vulnerable to Uncontrolled Memory Consumption
https://notcve.org/view.php?id=CVE-2022-31016
22 Jun 2022 — Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. T... • https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31034 – Insecure entropy in argo-cd
https://notcve.org/view.php?id=CVE-2022-31034
22 Jun 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the r... • https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31035 – External URLs for Deployments can include javascript in argo-cd
https://notcve.org/view.php?id=CVE-2022-31035
22 Jun 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patc... • https://argo-cd.readthedocs.io/en/stable/user-guide/external-url • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31036 – Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
https://notcve.org/view.php?id=CVE-2022-31036
22 Jun 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the... • https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24904 – Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
https://notcve.org/view.php?id=CVE-2022-24904
19 May 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could b... • https://github.com/argoproj/argo-cd/releases/tag/v2.1.15 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24905 – Argo CD login screen allows message spoofing if SSO is enabled
https://notcve.org/view.php?id=CVE-2022-24905
19 May 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a specially crafted URL which contains the message to be displayed. As far as the research of the Argo CD team concluded, it is not possible to specify any acti... • https://github.com/argoproj/argo-cd/releases/tag/v2.1.15 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29165 – Argo CD will blindly trust JWT claims if anonymous access is enabled
https://notcve.org/view.php?id=CVE-2022-29165
19 May 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In... • https://github.com/argoproj/argo-cd/releases/tag/v2.1.15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •