Vulnerabilities > Argoproj > Argo CD > 1.2.2

DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-31035 Unspecified vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj
5.4
2022-06-25 CVE-2022-31016 Allocation of Resources Without Limits or Throttling vulnerability in Argoproj Argo CD
Argo CD is a declarative continuous deployment for Kubernetes.
network
low complexity
argoproj CWE-770
6.5
2022-05-20 CVE-2022-24904 Link Following vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-59
4.3
2022-05-20 CVE-2022-24905 Unspecified vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj
4.3
2022-03-23 CVE-2022-24768 Missing Authorization vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-862
8.8
2022-02-04 CVE-2022-24348 Path Traversal vulnerability in Argoproj Argo CD
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go.
network
low complexity
argoproj CWE-22
7.7
2021-03-15 CVE-2021-26924 Cross-site Scripting vulnerability in Argoproj Argo CD
An issue was discovered in Argo CD before 1.8.4.
network
low complexity
argoproj CWE-79
6.1
2021-03-15 CVE-2021-26923 Information Exposure vulnerability in Argoproj Argo CD
An issue was discovered in Argo CD before 1.8.4.
network
low complexity
argoproj CWE-200
7.5
2021-03-03 CVE-2021-23347 Cross-site Scripting vulnerability in Argoproj Argo CD
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
network
low complexity
argoproj CWE-79
4.8
2021-02-09 CVE-2021-26921 Insufficient Session Expiration vulnerability in Argoproj Argo CD
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
network
low complexity
argoproj CWE-613
6.5