Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

argoproj — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting argoproj. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Argo Projects is an open-source cloud-native toolset primarily used for Kubernetes workflow orchestration and continuous delivery. Its core components, including Argo Workflows and Argo CD, facilitate complex pipeline automation and GitOps practices. Historically, the ecosystem has faced numerous security challenges, with records indicating approximately 56 Common Vulnerabilities and Exposures (CVEs). These issues predominantly involve privilege escalation, cross-site scripting (XSS), and remote code execution (RCE), often stemming from improper input validation or insufficient access controls within the web interfaces and API servers. While no single catastrophic incident has defined the project’s history, the high volume of vulnerabilities highlights the complexity of managing stateful applications in dynamic environments. Users are advised to maintain strict version control and apply security patches promptly to mitigate risks associated with these historically common vulnerability classes.

Top products by argoproj: argo-cd argo-workflows argo-events argo-helm Argo CD
CVE IDTitleCVSSSeverityPublished
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache — argo-cdCWE-327 9.1 Critical2024-05-21
CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences — argo-cdCWE-400 6.5 Medium2024-04-26
CVE-2024-31990 Argo CD' API server does not enforce project sourceNamespaces — argo-cdCWE-863 4.8 Medium2024-04-15
CVE-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server — argo-cdCWE-400 6.5 Medium2024-03-29
CVE-2024-21662 Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow — argo-cdCWE-307 7.5 High2024-03-18
CVE-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment — argo-cdCWE-787 7.5 High2024-03-18
CVE-2024-21652 Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss — argo-cdCWE-307 9.8 Critical2024-03-18
CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd — argo-cdCWE-269 6.4 Medium2024-03-13
CVE-2024-28175 Cross-site scripting on application summary component in argo-cd — argo-cdCWE-79 9.1 Critical2024-03-13
CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd — argo-cdCWE-352 8.4 High2024-01-19
CVE-2023-40026 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server — argo-cdCWE-22 5.0 Medium2023-09-27
CVE-2023-40584 Denial of Service to Argo CD repo-server — argo-cdCWE-400 6.5 Medium2023-09-07
CVE-2023-40029 Cluster secret might leak in cluster details page in Argo CD — argo-cdCWE-200 9.9 Critical2023-09-07
CVE-2023-40025 Argo CD web terminal session doesn't expire — argo-cdCWE-613 4.7 Medium2023-08-23
CVE-2023-23947 Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets — argo-cdCWE-863 9.1 Critical2023-02-16
CVE-2023-25163 Argo CD leaks repository credentials in user-facing error messages and in logs — argo-cdCWE-532 6.3 Medium2023-02-08
CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled — argo-cdCWE-862 8.6 High2023-01-26
CVE-2023-22482 JWT audience claim is not verified — argo-cdCWE-863 9.1 Critical2023-01-25
CVE-2022-31102 Cross-site Scripting for Argo CD single sign on users — argo-cdCWE-79 2.6 Low2022-07-12
CVE-2022-31105 Argo CD's certificate verification is skipped for connections to OIDC providers — argo-cdCWE-295 8.3 High2022-07-12
CVE-2022-31036 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server — argo-cdCWE-20 4.3 Medium2022-06-27
CVE-2022-31035 External URLs for Deployments can include javascript in argo-cd — argo-cdCWE-79 9.0 Critical2022-06-27
CVE-2022-31034 Insecure entropy in argo-cd — argo-cdCWE-330 8.3 High2022-06-27
CVE-2022-31016 Argo CD vulnerable to Uncontrolled Memory Consumption — argo-cdCWE-400 6.5 Medium2022-06-25
CVE-2022-31054 Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events — argo-eventsCWE-400 7.5 High2022-06-13
CVE-2022-29165 Argo CD will blindly trust JWT claims if anonymous access is enabled — argo-cdCWE-200 10.0 Critical2022-05-20
CVE-2022-24905 Argo CD login screen allows message spoofing if SSO is enabled — argo-cdCWE-20 4.3 Medium2022-05-20
CVE-2022-24904 Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server — argo-cdCWE-61 4.3 Medium2022-05-20
CVE-2022-29164 Privilege Escalation in argo-workflows — argo-workflowsCWE-269 7.1 High2022-05-05
CVE-2022-24768 Improper access control allows admin privilege escalation in Argo CD — argo-cdCWE-200 9.9 Critical2022-03-23

This page lists every published CVE security advisory associated with argoproj. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.