CVE-2023-25163 – Argo CD leaks repository credentials in user-facing error messages and in logs
https://notcve.org/view.php?id=CVE-2023-25163
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefore the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. • https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac https://github.com/argoproj/argo-cd/issues/12309 https://github.com/argoproj/argo-cd/pull/12320 https://github.com/argoproj/argo-cd/security/advisories/GHSA-mv6w-j4xc-qpfw • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-25151 – DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib
https://notcve.org/view.php?id=CVE-2023-25151
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, so the cardinality of the measurements allocated is directly correlated with the number of unique URIs handled. If the query string is constantly random, this results in a constant increase in memory allocation that can be used in a denial-of-service attack. • https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-22736 – argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled
https://notcve.org/view.php?id=CVE-2023-22736
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-. • https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw https://access.redhat.com/security/cve/CVE-2023-22736 https://bugzilla.redhat.com/show_bug.cgi?id=2162517 • CWE-862: Missing Authorization •
CVE-2023-22482 – JWT audience claim is not verified
https://notcve.org/view.php?id=CVE-2023-22482
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. • https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc https://access.redhat.com/security/cve/CVE-2023-22482 https://bugzilla.redhat.com/show_bug.cgi?id=2160492 • CWE-863: Incorrect Authorization •
CVE-2022-25882
https://notcve.org/view.php?id=CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal, as the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory, for example "../../../etc/passwd". • https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856 https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129 https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d https://github.com/onnx/onnx/issues/3991 https://github.com/onnx/onnx/pull/4400 https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •