CVE-2022-1025
published 2022-07-12


Priority: P3 48, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.11% (61.9th percentile)

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argoproj | argo_cd | 0.5.0 – 2.1.12 | |
| argoproj | argo_cd | 2.2.0 – 2.2.7 | |
| argoproj | argo_cd | 2.3.0 – 2.3.1 | |
| github.com | argoproj_argo-cd | 0.5.0 – 1.8.7 | |
| github.com | argoproj_argo-cd | >= 0.5.0 | |
| github.com | argoproj_argo-cd_v2 | >= 0 < 2.1.14 | 2.1.14 |
| github.com | argoproj_argo-cd_v2 | >= 2.2.0 < 2.2.8 | 2.2.8 |
| github.com | argoproj_argo-cd_v2 | >= 2.3.0 < 2.3.2 | 2.3.2 |

CVSS provenance

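| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_redhat | | 8.8 | HIGH | |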