argoproj — Vulnerabilities & Security Advisories (55)

Browse all 55 CVE security advisories affecting argoproj. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-50726 | Users with `create` but not `override` privileges can perform local sync in argo-cd | argo-cd | CWE-269 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-28175 | Cross-site scripting on application summary component in argo-cd | argo-cd | CWE-79 | 9.1 | Critical | 2024-03-13 |
| CVE-2024-22424 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd | argo-cd | CWE-352 | 8.4 | High | 2024-01-19 |
| CVE-2023-40026 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server | argo-cd | CWE-22 | 5.0 | Medium | 2023-09-27 |
| CVE-2023-40584 | Denial of Service to Argo CD repo-server | argo-cd | CWE-400 | 6.5 | Medium | 2023-09-07 |
| CVE-2023-40029 | Cluster secret might leak in cluster details page in Argo CD | argo-cd | CWE-200 | 9.9 | Critical | 2023-09-07 |
| CVE-2023-40025 | Argo CD web terminal session doesn't expire | argo-cd | CWE-613 | 4.7 | Medium | 2023-08-23 |
| CVE-2023-23947 | Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets | argo-cd | CWE-863 | 9.1 | Critical | 2023-02-16 |
| CVE-2023-25163 | Argo CD leaks repository credentials in user-facing error messages and in logs | argo-cd | CWE-532 | 6.3 | Medium | 2023-02-08 |
| CVE-2023-22736 | argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled | argo-cd | CWE-862 | 8.6 | High | 2023-01-26 |
| CVE-2023-22482 | JWT audience claim is not verified | argo-cd | CWE-863 | 9.1 | Critical | 2023-01-25 |
| CVE-2022-31102 | Cross-site Scripting for Argo CD single sign on users | argo-cd | CWE-79 | 2.6 | Low | 2022-07-12 |
| CVE-2022-31105 | Argo CD's certificate verification is skipped for connections to OIDC providers | argo-cd | CWE-295 | 8.3 | High | 2022-07-12 |
| CVE-2022-31036 | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server | argo-cd | CWE-20 | 4.3 | Medium | 2022-06-27 |
| CVE-2022-31035 | External URLs for Deployments can include javascript in argo-cd | argo-cd | CWE-79 | 9.0 | Critical | 2022-06-27 |
| CVE-2022-31034 | Insecure entropy in argo-cd | argo-cd | CWE-330 | 8.3 | High | 2022-06-27 |
| CVE-2022-31016 | Argo CD vulnerable to Uncontrolled Memory Consumption | argo-cd | CWE-400 | 6.5 | Medium | 2022-06-25 |
| CVE-2022-31054 | Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events | argo-events | CWE-400 | 7.5 | High | 2022-06-13 |
| CVE-2022-29165 | Argo CD will blindly trust JWT claims if anonymous access is enabled | argo-cd | CWE-200 | 10.0 | Critical | 2022-05-20 |
| CVE-2022-24905 | Argo CD login screen allows message spoofing if SSO is enabled | argo-cd | CWE-20 | 4.3 | Medium | 2022-05-20 |
| CVE-2022-24904 | Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server | argo-cd | CWE-61 | 4.3 | Medium | 2022-05-20 |
| CVE-2022-29164 | Privilege Escalation in argo-workflows | argo-workflows | CWE-269 | 7.1 | High | 2022-05-05 |
| CVE-2022-24768 | Improper access control allows admin privilege escalation in Argo CD | argo-cd | CWE-200 | 9.9 | Critical | 2022-03-23 |
| CVE-2022-24731 | Path traversal allows leaking out-of-bound files from Argo CD repo-server | argo-cd | CWE-22 | 6.8 | Medium | 2022-03-23 |
| CVE-2022-24730 | Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server | argo-cd | CWE-22 | 7.7 | High | 2022-03-23 |

This page lists every published CVE security advisory associated with argoproj. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.