apk package
chainguard/argo-cd-fips-2.8-compat
pkg:apk/chainguard/argo-cd-fips-2.8-compat
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-6104 | — | < 2.8.20-r5 | 2.8.20-r5 | Jun 24, 2024 | go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. | ||
| CVE-2024-31989 | — | < 2.8.19-r0 | 2.8.19-r0 | May 21, 2024 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin | ||
| CVE-2024-24788 | Med | 5.9 | < 2.8.18-r1 | 2.8.18-r1 | May 8, 2024 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | |
| CVE-2024-24787 | Med | 6.4 | < 2.8.18-r1 | 2.8.18-r1 | May 8, 2024 | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | |
| CVE-2024-32476 | — | < 2.8.17-r0 | 2.8.17-r0 | Apr 26, 2024 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16. | ||
| CVE-2024-31990 | — | < 2.8.16-r0 | 2.8.16-r0 | Apr 15, 2024 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2. | ||
| CVE-2024-29893 | — | < 2.8.14-r0 | 2.8.14-r0 | Mar 29, 2024 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server componen | ||
| CVE-2023-5528 | — | < 0 | 0 | Nov 14, 2023 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | ||
| CVE-2021-25743 | — | < 0 | 0 | Jan 7, 2022 | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. |
- CVE-2024-6104Jun 24, 2024affected < 2.8.20-r5fixed 2.8.20-r5
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
- CVE-2024-31989May 21, 2024affected < 2.8.19-r0fixed 2.8.19-r0
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin
- affected < 2.8.18-r1fixed 2.8.18-r1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
- affected < 2.8.18-r1fixed 2.8.18-r1
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
- CVE-2024-32476Apr 26, 2024affected < 2.8.17-r0fixed 2.8.17-r0
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.
- CVE-2024-31990Apr 15, 2024affected < 2.8.16-r0fixed 2.8.16-r0
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.
- CVE-2024-29893Mar 29, 2024affected < 2.8.14-r0fixed 2.8.14-r0
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server componen
- CVE-2023-5528Nov 14, 2023affected < 0fixed 0
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
- CVE-2021-25743Jan 7, 2022affected < 0fixed 0
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.