Page 4 of 26 results (0.010 seconds)

CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. • https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0 https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v https://access.redhat.com/security/cve/CVE-2022-31034 https://bugzilla.redhat.com/show_bug.cgi?id=2096282 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. • https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq https://access.redhat.com/security/cve/CVE-2022-31016 https://bugzilla.redhat.com/show_bug.cgi?id=2096283 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. • https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm https://access.redhat.com/security/cve/CVE-2022-31036 https://bugzilla.redhat.com/show_bug.cgi?id=2096291 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. • https://argo-cd.readthedocs.io/en/stable/user-guide/external-url https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038 https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj https://access.redhat.com/security/cve/CVE-2022-31035 https://bugzilla.redhat.com/show_bug.cgi?id=2096278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any JSON-formatted secrets which have been mounted as files on the repo-server. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. • https://github.com/argoproj/argo-cd/releases/tag/v2.1.15 https://github.com/argoproj/argo-cd/releases/tag/v2.2.9 https://github.com/argoproj/argo-cd/releases/tag/v2.3.4 https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h https://access.redhat.com/security/cve/CVE-2022-24904 https://bugzilla.redhat.com/show_bug.cgi?id=2081691 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following CWE-787: Out-of-bounds Write •