Vulnerabilities > Argoproj > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2022-24768 | Missing Authorization vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 8.8 |
| 2022-02-04 | CVE-2022-24348 | Path Traversal vulnerability in Argoproj Argo CD Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. | 7.7 |
| 2021-03-15 | CVE-2021-26923 | Information Exposure vulnerability in Argoproj Argo CD An issue was discovered in Argo CD before 1.8.4. | 7.5 |
| 2020-04-08 | CVE-2020-8828 | Insecure Default Initialization of Resource vulnerability in Argoproj Argo CD As of v1.5.0, the default admin password is set to the argocd-server pod name. | 8.8 |
| 2020-04-08 | CVE-2020-8827 | Improper Restriction of Excessive Authentication Attempts vulnerability in Argoproj Argo CD As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. | 7.5 |
| 2020-04-08 | CVE-2020-8826 | Session Fixation vulnerability in Argoproj Argo CD As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | 7.5 |