-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Security: argoproj/argo-cd
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
The Argo CD web terminal session does not handle the revocation of user permissions properly.GHSA-v8wx-v5jq-qhhw published
Jul 24, 2024 by pasha-codefreshModerate -
Denial of Service via malicious jqPathExpressions in ignoreDifferencesGHSA-9m6p-x4h2-6frq published
Apr 26, 2024 by pasha-codefreshModerate -
Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in Argo CDGHSA-jmvp-698c-4x3w published
Jul 22, 2024 by pasha-codefreshHigh -
Uncontrolled Resource Consumption vulnerability in ArgoCD's repo serverGHSA-jhwx-mhww-rgc3 published
Mar 28, 2024 by pasha-codefreshModerate -
Use of Risky or Missing Cryptographic Algorithms in Redis CacheGHSA-9766-5277-j5hr published
May 21, 2024 by pasha-codefreshCritical -
Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cdGHSA-92mw-q256-5vwg published
Jan 18, 2024 by crenshaw-devHigh -
Unauthenticated Access to sensitive settings in Argo CDGHSA-87p9-x75h-p4j2 published
Jun 6, 2024 by pasha-codefreshModerate -
Users with `create` but not `override` privileges can perform local syncGHSA-g623-jcgg-mhmm published
Mar 13, 2024 by crenshaw-devModerate -
Bypassing Rate Limit and Brute Force Protection Using Cache OverflowGHSA-2vgg-9h6w-m454 published
Mar 18, 2024 by crenshaw-devModerate -
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded EnvironmentGHSA-6v85-wr92-q4p7 published
Mar 18, 2024 by crenshaw-devHigh