CVE-2026-42880
- EPSS 0.04%
- Published 07.05.2026 22:20:39
- Last modified 11.05.2026 17:46:18
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attack...
CVE-2026-43824
- EPSS 0.01%
- Published 02.05.2026 01:20:33
- Last modified 05.05.2026 19:47:31
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
CVE-2025-59538
- EPSS 0.03%
- Published 01.10.2025 21:16:43
- Last modified 07.10.2025 14:28:49
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the...
CVE-2025-59537
- EPSS 0.22%
- Published 01.10.2025 21:16:43
- Last modified 07.10.2025 14:34:45
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server a...
CVE-2025-59531
- EPSS 0.24%
- Published 01.10.2025 21:16:43
- Last modified 07.10.2025 14:39:29
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server a...
CVE-2025-55191
- EPSS 0.05%
- Published 30.09.2025 23:15:29
- Last modified 07.10.2025 13:11:21
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cau...
CVE-2025-55190
- EPSS 5.38%
- Published 04.09.2025 22:37:52
- Last modified 19.09.2025 15:20:53
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sens...
CVE-2025-47933
- EPSS 0.07%
- Published 29.05.2025 19:30:39
- Last modified 27.08.2025 02:28:01
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in t...
CVE-2025-23216
- EPSS 0.16%
- Published 30.01.2025 16:15:31
- Last modified 06.06.2025 15:44:21
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository...
CVE-2024-41666
- EPSS 0.11%
- Published 24.07.2024 18:15:05
- Last modified 09.01.2025 16:54:08
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator ...