CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41354 – ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API
https://notcve.org/view.php?id=CVE-2022-41354
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges. • http://argo.com https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md https://access.redhat.com/security/cve/CVE-2022-41354 https://bugzilla.redhat.com/show_bug.cgi?id=2167820 • CWE-203: Observable Discrepancy •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22482 – JWT audience claim is not verified
https://notcve.org/view.php?id=CVE-2023-22482
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. • https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc https://access.redhat.com/security/cve/CVE-2023-22482 https://bugzilla.redhat.com/show_bug.cgi?id=2160492 • CWE-863: Incorrect Authorization •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31105 – Argo CD's certificate verification is skipped for connections to OIDC providers
https://notcve.org/view.php?id=CVE-2022-31105
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC provider (not the bundled Dex instance), can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. • https://github.com/argoproj/argo-cd/releases/tag/v2.3.6 https://github.com/argoproj/argo-cd/releases/tag/v2.4.5 https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5 • CWE-295: Improper Certificate Validation CWE-599: Missing Validation of OpenSSL Certificate •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31016 – Argo CD vulnerable to Uncontrolled Memory Consumption
https://notcve.org/view.php?id=CVE-2022-31016
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. • https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq https://access.redhat.com/security/cve/CVE-2022-31016 https://bugzilla.redhat.com/show_bug.cgi?id=2096283 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31034 – Insecure entropy in argo-cd
https://notcve.org/view.php?id=CVE-2022-31034
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. • https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0 https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v https://access.redhat.com/security/cve/CVE-2022-31034 https://bugzilla.redhat.com/show_bug.cgi?id=2096282 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •