CVE-2025-55190 — AI Deep Analysis Summary

🚨 **Essence**: Argo CD has an **Information Disclosure** flaw. Project-level API tokens can leak sensitive **repository credentials** (usernames/passwords).…

🛡️ **Root Cause**: **CWE-200** (Information Exposure). The API endpoint for project details fails to properly restrict access to sensitive fields.…

📦 **Affected Versions**: • **2.13.0** to **2.13.8** • **2.14.0** to **2.14.15** • **3.0.0** to **3.0.12** • **3.1.0-rc1** to **3.1.1** 👉 *Note: Also affects v2.2.0-rc1 and later generally.*

💀 **Attacker Capabilities**: With a valid **project-level API token**, an attacker can: 1. Access the **Project Details API**. 2. Retrieve **sensitive repository credentials**. 3.…

🔑 **Exploitation Threshold**: **Medium**. Requires **Low Complexity** and **Network** access. Crucially, it requires **Privileges Required: Low** (just a valid project-level token). No User Interaction needed. ⚠️

🔍 **Public Exploit**: Yes. A **Nuclei template** is available on GitHub (projectdiscovery/nuclei-templates). It allows automated scanning. 📜 *Note: Requires valid ArgoCD credentials to test.*

🔎 **Self-Check**: Use the provided **Nuclei template** for scanning. Alternatively, manually verify if API tokens with project `get` permissions return repository credentials in the response body. 🧪

🛠️ **Official Fix**: Yes. The vendor (**argoproj**) has released a fix. See commit `e8f86101f5378662ae6151ce5c3a76e9141900e8` and advisory `GHSA-786q-9hcg-v9ff`. 📝

🚧 **Workaround**: If patching is delayed, **restrict API token permissions**. Ensure tokens do not have unnecessary `project get` permissions that expose sensitive data. Rotate compromised credentials immediately. 🔒

🔥 **Urgency**: **HIGH**. CVSS Vector indicates **High** severity across all metrics. Immediate patching or mitigation is recommended to prevent credential theft. 🚨