Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift Gitops
Subscriptions
Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24348 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 7.7 High |
| Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. | ||||
| CVE-2022-1996 | 3 Fedoraproject, Go-restful Project, Redhat | 6 Fedora, Go-restful, Container Native Virtualization and 3 more | 2024-11-21 | 9.1 Critical |
| Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2021-3557 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 6.5 Medium |
| A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2024-43800 | 2 Openjsf, Redhat | 11 Serve-static, Discovery, Network Observ Optr and 8 more | 2024-09-20 | 5 Medium |
| serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0. | ||||
| CVE-2024-43799 | 2 Redhat, Send Project | 11 Discovery, Network Observ Optr, Openshift and 8 more | 2024-09-20 | 5 Medium |
| Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. | ||||
| CVE-2024-45590 | 3 Expressjs, Openjsf, Redhat | 13 Body-parser, Body-parser, Advanced Cluster Security and 10 more | 2024-09-20 | 7.5 High |
| body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3. | ||||
| CVE-2024-43796 | 2 Openjsf, Redhat | 11 Express, Discovery, Network Observ Optr and 8 more | 2024-09-20 | 5 Medium |
| Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0. | ||||