CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22736 – argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled
https://notcve.org/view.php?id=CVE-2023-22736
26 Jan 2023 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconcilin... • https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22482 – JWT audience claim is not verified
https://notcve.org/view.php?id=CVE-2023-22482
25 Jan 2023 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token wa... • https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31102 – Cross-site Scripting for Argo CD single sign on users
https://notcve.org/view.php?id=CVE-2022-31102
12 Jul 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the `/auth/callback` page in a victim's browser. This vulnerability only affects Argo CD instances which have single sign on (SSO) enabled. The exploit also assumes the attacker has 1) access to the API server's encryption key, 2) a method to add a cookie to the vict... • https://github.com/argoproj/argo-cd/releases/tag/v2.3.6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31105 – Argo CD's certificate verification is skipped for connections to OIDC providers
https://notcve.org/view.php?id=CVE-2022-31105
12 Jul 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC ... • https://github.com/argoproj/argo-cd/releases/tag/v2.3.6 • CWE-295: Improper Certificate Validation CWE-599: Missing Validation of OpenSSL Certificate •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31016 – Argo CD vulnerable to Uncontrolled Memory Consumption
https://notcve.org/view.php?id=CVE-2022-31016
22 Jun 2022 — Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. T... • https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31034 – Insecure entropy in argo-cd
https://notcve.org/view.php?id=CVE-2022-31034
22 Jun 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the r... • https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31035 – External URLs for Deployments can include javascript in argo-cd
https://notcve.org/view.php?id=CVE-2022-31035
22 Jun 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patc... • https://argo-cd.readthedocs.io/en/stable/user-guide/external-url • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31036 – Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
https://notcve.org/view.php?id=CVE-2022-31036
22 Jun 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the... • https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29165 – Argo CD will blindly trust JWT claims if anonymous access is enabled
https://notcve.org/view.php?id=CVE-2022-29165
19 May 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In... • https://github.com/argoproj/argo-cd/releases/tag/v2.1.15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24904 – Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
https://notcve.org/view.php?id=CVE-2022-24904
19 May 2022 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could b... • https://github.com/argoproj/argo-cd/releases/tag/v2.1.15 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following CWE-787: Out-of-bounds Write •