Security: argoproj/argo-cd
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Web terminal session doesn't expire (GHSA-c8xw-vjgf-94hr), published Aug 23, 2023 by crenshaw-dev, severity: Moderate
- Authenticated but unauthorized users may enumerate Application names via the API (GHSA-2q5c-qw9c-fmvq), published Mar 23, 2023 by crenshaw-dev, severity: Moderate
- Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server (GHSA-6jqw-jwf5-rp8h), published Sep 27, 2023 by crenshaw-dev, severity: Moderate
- JWT audience claim is not verified (GHSA-q9hr-j4rf-8fjc), published Jan 25, 2023 by crenshaw-dev, severity: Critical
- Insecure entropy in PKCE/Oauth2/OIDC params (GHSA-2m7h-86qq-fp4v), published Jun 21, 2022 by crenshaw-dev, severity: High
- DoS through large directory app manifest files (GHSA-jhqp-vf4w-rpwq), published Jun 21, 2022 by crenshaw-dev, severity: Moderate
- Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server (GHSA-q4w5-4gq2-98vm), published Jun 21, 2022 by crenshaw-dev, severity: Moderate
- A leaked API server encryption key can allow XSS for SSO users (GHSA-pmjg-52h9-72qv), published Jul 12, 2022 by crenshaw-dev, severity: Low
- External URLs for Deployments can include javascript (GHSA-h4w9-6x78-8vrj), published Jun 21, 2022 by crenshaw-dev, severity: Critical
- Argo CD will trust invalid JWT claims if anonymous access is enabled (GHSA-r642-gv9p-2wjj), published May 18, 2022 by jannfis, severity: Critical