| Severity | Score | Advisory | Affected versions |
|---|---|---|---|
| CRITICAL | 10.0 | CVE-2022-29165: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd | from 0 |
| CRITICAL | 10.0 | CVE-2022-29165: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd | from 0, < 2.1.15 |
| CRITICAL | 9.9 | Argo CD: Project API Token Exposes Repository Credentials | from 0 |
| CRITICAL | 9.9 | Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd | from 0 |
| CRITICAL | 9.9 | Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd | >= 0.5.0, < 2.1.14 |
| CRITICAL | 9.9 | Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd | >= 0.5.0 |
| CRITICAL | 9.1 | Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd | from 0 |
| CRITICAL | 9.1 | Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd | >= 2.3.0, < 2.3.17 |
| CRITICAL | 9.0 | Argo CD allows cross-site scripting on repositories page | >= 1.2.0-rc1 |
| CRITICAL | 9.0 | Argo CD allows cross-site scripting on repositories page | >= 1.2.0-rc1, <= 1.8.7 |
| CRITICAL | 9.0 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache | from 0 |
| CRITICAL | 9.0 | ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache | from 0, <= 1.8.7 |
| CRITICAL | 9.0 | Cross-site scripting on application summary component in argo-cd | >= 1.0.0 |
| CRITICAL | 9.0 | Cross-site scripting on application summary component in argo-cd | >= 1.0.0, <= 1.8.7 |
| CRITICAL | 9.0 | JWT audience claim is not verified in github.com/argoproj/argo-cd | >= 1.8.2 |
| CRITICAL | 9.0 | JWT audience claim is not verified in github.com/argoproj/argo-cd | >= 1.8.2, < 2.3.14 |
| CRITICAL | 9.0 | Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd | >= 1.0.0 |
| CRITICAL | 9.0 | Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd | >= 1.0.0, < 2.1.16 |
| HIGH | 8.8 | Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd | >= 0.5.0 |
| HIGH | 8.8 | Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd | >= 0.5.0, <= 1.8.7 |
| HIGH | 8.8 | Argo CD Insecure default administrative password | from 0, <= 1.8.0 |
| HIGH | 8.5 | Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd | from 0 |
| HIGH | 8.3 | github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability | >= 0.1.0, <= 1.8.7 |
| HIGH | 8.3 | Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd | >= 0.4.0 |
| HIGH | 8.3 | Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd | >= 0.4.0, < 2.2.11 |
| HIGH | 8.3 | Insecure entropy in Argo CD's PKCE/OAuth2/OIDC params in github.com/argoproj/argo-cd | >= 0.11.0, < 2.1.16 |
| HIGH | 8.3 | Insecure entropy in Argo CD's PKCE/OAuth2/OIDC params in github.com/argoproj/argo-cd | >= 0.11.0 |
| HIGH | 7.7 | Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd | >= 1.3.0 |
| HIGH | 7.7 | Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd | >= 1.3.0, < 2.1.11 |
| HIGH | 7.7 | Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd | from 0 |
| HIGH | 7.7 | Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd | from 0, < 2.1.9 |
| HIGH | 7.5 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook | from 0 |
| HIGH | 7.5 | argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload | >= 1.2.0, <= 1.8.7 |
| HIGH | 7.5 | argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload | >= 1.2.0 |
| HIGH | 7.5 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload | >= 1.2.0, <= 1.8.7 |
| HIGH | 7.5 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload | >= 1.2.0 |
| HIGH | 7.5 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint | >= 1.0.0 |
| HIGH | 7.5 | Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint | >= 1.0.0, <= 1.8.7 |
| HIGH | 7.5 | Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment | from 0, <= 1.8.7 |
| HIGH | 7.5 | Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd | from 0, < 1.5.1 |
| HIGH | 7.3 | Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation | from 0, <= 1.8.7 |
| HIGH | 7.1 | Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd | from 0 |
| MEDIUM | 6.8 | Argo CD does not scrub secret values from patch errors | from 0, <= 1.8.7 |
| MEDIUM | 6.8 | Argo CD does not scrub secret values from patch errors | from 0 |
| MEDIUM | 6.8 | Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd | >= 1.5.0, < 2.1.11 |
| MEDIUM | 6.8 | Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd | >= 1.5.0 |
| MEDIUM | 6.5 | Repository Credentials Race Condition Crashes Argo CD Server | from 0 |
| MEDIUM | 6.5 | Denial of Service via malicious jqPathExpressions in ignoreDifferences | from 0 |
| MEDIUM | 6.5 | Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd | from 0 |
| MEDIUM | 6.5 | DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd | >= 0.7.0 |
| MEDIUM | 6.5 | DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd | >= 0.7.0, < 2.1.16 |
| MEDIUM | 6.5 | Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd | from 0, < 1.5.0-rc1 |
| MEDIUM | 6.4 | Users with `create` but not `override` privileges can perform local sync in argo-cd | >= 1.2.0-rc1, <= 1.8.7 |
| MEDIUM | 6.4 | Users with `create` but not `override` privileges can perform local sync in argo-cd | >= 1.2.0-rc1 |
| MEDIUM | 5.3 | Unauthenticated Access to sensitive settings in Argo CD | from 0 |
| MEDIUM | 5.3 | Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd | >= 0.5.0 |
| MEDIUM | 5.3 | Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd | >= 0.5.0, <= 1.8.7 |
| MEDIUM | 5.3 | Observable Discrepancy in Argo in github.com/argoproj/argo-cd | >= 1.5.0, < 1.5.1 |
| MEDIUM | 5.0 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd | from 0, <= 1.8.7 |
| MEDIUM | 5.0 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd | from 0 |
| MEDIUM | 4.8 | Argo CD's API server does not enforce project sourceNamespaces | from 0 |
| MEDIUM | 4.7 | The Argo CD web terminal session does not handle the revocation of user permissions properly | from 0 |
| MEDIUM | 4.7 | Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd | from 0, < 1.7.13; >= 1.8.0, < 1.8.6 |
| MEDIUM | 4.3 | Argo CD allows authenticated users to enumerate clusters by name | >= 0.11.0, < 2.9.17 |
| MEDIUM | 4.3 | Argo CD allows authenticated users to enumerate clusters by name | >= 0.11.0 |
| MEDIUM | 4.3 | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd | >= 1.3.0, < 2.1.16 |
| MEDIUM | 4.3 | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd | >= 1.3.0 |
| MEDIUM | 4.3 | Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd | from 0 |
| MEDIUM | 4.3 | Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd | from 0, < 2.1.15 |
| MEDIUM | 4.3 | Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd | from 0 |
| LOW | 2.6 | Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd | >= 2.3.0, < 2.3.6 |
| LOW | 2.6 | Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd | from 0 |