Versions in this module
v1
Mar 3, 2021 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Feb 26, 2021 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Feb 20, 2021 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Feb 5, 2021 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 21, 2021 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 10, 2021 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 10, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 9, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 3, 2020 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Nov 25, 2020 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 3, 2021 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Feb 26, 2021 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Feb 5, 2021 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Dec 10, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Nov 20, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Nov 17, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Oct 15, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 29, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 19, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 15, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 5, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 1, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Aug 27, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Aug 26, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Aug 25, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Aug 15, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 31, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 19, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 16, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
type RBACPolicyEnforcer
Jun 9, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 2, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 16, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 9, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 2, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
May 16, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
May 5, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
May 2, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 15, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 6, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 2, 2020 GO-2022-0304 +33 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0882: Observable Discrepancy in Argo in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 30, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 26, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 20, 2020 GO-2022-0304 +31 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 15, 2020 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 24, 2020 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 22, 2020 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 18, 2020 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Jan 13, 2020 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 10, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 9, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 5, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 5, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 3, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 2, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Nov 13, 2019 GO-2022-0304 +32 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Nov 11, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Nov 4, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Oct 29, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Oct 23, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Oct 16, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Oct 29, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Oct 22, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Oct 1, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 24, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 12, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Sep 4, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Aug 21, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Aug 6, 2019 GO-2022-0304 +30 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 30, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 24, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 22, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Jul 19, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 17, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 16, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 9, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jul 3, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 28, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 21, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 14, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jun 14, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
May 28, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
May 16, 2019 GO-2022-0304 +29 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
type RBACPolicyEnforcer
May 9, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 30, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 24, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
v0
Apr 30, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 22, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Apr 9, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 22, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 20, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 19, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 12, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 7, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 6, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Mar 5, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Feb 19, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 18, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 10, 2019 GO-2022-0304 +26 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Changes in this version
Jan 10, 2019 GO-2022-0304 +24 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 8, 2019 GO-2022-0304 +24 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 4, 2019 GO-2022-0304 +24 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Jan 3, 2019 GO-2022-0304 +24 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 28, 2018 GO-2022-0304 +24 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
Dec 10, 2018 GO-2022-0304 +24 more
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd