Argoproj Argo-Cd vulnerabilities
42 known vulnerabilities affecting argoproj/argo-cd.
Total CVEs: 42
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown
CRITICAL: 7, HIGH: 14, MEDIUM: 21
Vulnerabilities
Page 3 of 3
CVE-2022-24905 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 2.1.15 | v>= 2.2.0, < 2.2.9 | +1 more | 2022-05-20
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a
nvd
CVE-2024-36106 | P4 | MEDIUM | CVSS 4.3 | CWE-209 | v> 0.11.0, < 2.9.17 | v>= 2.10.0, < 2.10.12 | +1 more | 2024-06-06
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.1
nvd