Vulnerabilities > Argoproj > Argo CD > 1.8.5

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2022-24348 Path Traversal vulnerability in Argoproj Argo CD
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go.
network
low complexity
argoproj CWE-22
7.7
2021-05-12 CVE-2021-23135 Information Exposure Through an Error Message vulnerability in Argoproj Argo CD
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs.
local
low complexity
argoproj CWE-209
5.5
2021-03-03 CVE-2021-23347 Cross-site Scripting vulnerability in Argoproj Argo CD
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
network
low complexity
argoproj CWE-79
4.8