csaf_redhat - rhsa-2022

rhsa-2022_5153

Vulnerability from csaf_redhat

Published

2022-06-27 12:42

Modified

2024-11-22 19:33

Summary

Red Hat Security Advisory: Red Hat OpenShift GitOps security update

Notes

Topic

An update is now available for Red Hat OpenShift GitOps 1.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. (CVE-2022-31034) * argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI (CVE-2022-31035) * argocd: vulnerable to an uncontrolled memory consumption bug (CVE-2022-31016) * argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access (CVE-2022-31036) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift GitOps 1.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. (CVE-2022-31034)\n\n* argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI (CVE-2022-31035)\n\n* argocd: vulnerable to an uncontrolled memory consumption bug (CVE-2022-31016)\n\n* argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access (CVE-2022-31036)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5153",
        "url": "https://access.redhat.com/errata/RHSA-2022:5153"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2096278",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096278"
      },
      {
        "category": "external",
        "summary": "2096282",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096282"
      },
      {
        "category": "external",
        "summary": "2096283",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096283"
      },
      {
        "category": "external",
        "summary": "2096291",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096291"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5153.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
    "tracking": {
      "current_release_date": "2024-11-22T19:33:57+00:00",
      "generator": {
        "date": "2024-11-22T19:33:57+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:5153",
      "initial_release_date": "2022-06-27T12:42:55+00:00",
      "revision_history": [
        {
          "date": "2022-06-27T12:42:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-06-27T12:42:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T19:33:57+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift GitOps 1.4",
                "product": {
                  "name": "Red Hat OpenShift GitOps 1.4",
                  "product_id": "8Base-GitOps-1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift GitOps"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
                "product": {
                  "name": "openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
                  "product_id": "openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/applicationset-rhel8\u0026tag=v1.4.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.4.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.4.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.4.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.4.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
                  "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.4.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.4.9-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64"
        },
        "product_reference": "openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64 as a component of Red Hat OpenShift GitOps 1.4",
          "product_id": "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31016",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2022-06-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2096283"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ArgoCD, which is vulnerable to an uncontrolled memory consumption bug. A crafted manifest file can lead the ArgoCD\u0027s repo-server component to crash, causing a denial of service. The attacker must be an authenticated user to exploit this vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "argocd: vulnerable to an uncontrolled memory consumption bug",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31016"
        },
        {
          "category": "external",
          "summary": "RHBZ#2096283",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096283"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31016"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31016",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31016"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq"
        }
      ],
      "release_date": "2022-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-27T12:42:55+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5153"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "argocd: vulnerable to an uncontrolled memory consumption bug"
    },
    {
      "cve": "CVE-2022-31034",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2096282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Several Single sign-on (SSO) vulnerabilities were found in ArgoCD when the login process is initiated via CLI or UI interfaces. The vulnerabilities are related to using insufficiently random value parameters during the login process. This flaw gives the attacker elevated privileges, including the possibility of administrative rights.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31034"
        },
        {
          "category": "external",
          "summary": "RHBZ#2096282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31034"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31034",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31034"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v"
        }
      ],
      "release_date": "2022-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-27T12:42:55+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5153"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI."
    },
    {
      "cve": "CVE-2022-31035",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-06-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2096278"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Cross-site scripting (XSS) flaw was found in ArgoCD. This flaw allows a malicious actor to trigger a Cross-site scripting (XSS) vulnerability by storing a link point to a javascript code in ArgoCD UI. A successful attack depends on a user clicking the malicious link and triggering the function available in the UI without the user\u0027s knowledge. The actions done by the malicious code will run with the same victim\u0027s level of access, including administrative privileges, if the victim has this level of permission.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31035"
        },
        {
          "category": "external",
          "summary": "RHBZ#2096278",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096278"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31035"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31035",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31035"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj"
        }
      ],
      "release_date": "2022-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-27T12:42:55+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5153"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI"
    },
    {
      "cve": "CVE-2022-31036",
      "cwe": {
        "id": "CWE-61",
        "name": "UNIX Symbolic Link (Symlink) Following"
      },
      "discovery_date": "2022-06-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
            "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2096291"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A symlink following vulnerability was found in ArgoCD. A malicious user with write access can commit a symlink pointing to a file outside the expected directories. Once the Helm-type application consumes this symlink, the attacker can read the content of the file referenced by the symbolic link, compromising the confidentiality of other projects under the same ArgoCD installation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.4:openshift-gitops-1/applicationset-rhel8@sha256:374aa562f7af0db1c11766dc2b0e5dd4a76549fee1de40508ea597a0d60ed73b_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/dex-rhel8@sha256:c9aad6e71e7065524dd22dc292ae0f2109d261f5725a26f5a659d7fdb983976c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-operator-bundle@sha256:d20149f6061e14edf0214ef2da7018eeb8c90b53d04ce3951429391391e59556_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8-operator@sha256:d6f784052a3d27884d5b8b5f6cb9f9ac653a0ecf8aa25212345030c3d30ddeba_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/gitops-rhel8@sha256:1226d32dfdd148450802a938830a7f1306aa2a78a2e0ce0ff712408511f5f55c_amd64",
          "8Base-GitOps-1.4:openshift-gitops-1/kam-delivery-rhel8@sha256:70e6fad8c61c08777893e3dc3bbaf3ba4416314bd5e7a6e5436bf25fd2d1b110_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2096291",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096291"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31036"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm"
        }
      ],
      "release_date": "2022-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-27T12:42:55+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5153"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.4:openshift-gitops-1/argocd-rhel8@sha256:7ee44440267be3c3d435b8097fb612bf5dd6fe0cc17ecfe0ca0bbf9bd136ca25_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access"
    }
  ]
}

cve-2022-31016

Vulnerability from cvelistv5

Published

2022-06-25 07:40

Modified

2024-08-03 07:03

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Argo CD vulnerable to Uncontrolled Memory Consumption

References

▼	URL	Tags
	https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	argoproj	argo-cd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.7.0, \u003c 2.1.16"
            },
            {
              "status": "affected",
              "version": "\u003e 2.0.0, \u003c 2.2.10"
            },
            {
              "status": "affected",
              "version": "\u003e 2.3.0, \u003c 2.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-25T07:40:10",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq"
        }
      ],
      "source": {
        "advisory": "GHSA-jhqp-vf4w-rpwq",
        "discovery": "UNKNOWN"
      },
      "title": "Argo CD vulnerable to Uncontrolled Memory Consumption",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31016",
          "STATE": "PUBLIC",
          "TITLE": "Argo CD vulnerable to Uncontrolled Memory Consumption"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "argo-cd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.7.0, \u003c 2.1.16"
                          },
                          {
                            "version_value": "\u003e 2.0.0, \u003c 2.2.10"
                          },
                          {
                            "version_value": "\u003e 2.3.0, \u003c 2.3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "argoproj"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq",
              "refsource": "CONFIRM",
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-jhqp-vf4w-rpwq",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31016",
    "datePublished": "2022-06-25T07:40:10",
    "dateReserved": "2022-05-18T00:00:00",
    "dateUpdated": "2024-08-03T07:03:40.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31035

Vulnerability from cvelistv5

Published

2022-06-27 19:10

Modified

2024-08-03 07:03

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Summary

External URLs for Deployments can include javascript in argo-cd

References

▼	URL	Tags
	https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj	x_refsource_CONFIRM
	https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038	x_refsource_MISC
	https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/	x_refsource_MISC

Impacted products

▼	Vendor	Product
	argoproj	argo-cd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 2.1.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.4.0, \u003c 2.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-27T19:10:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/"
        }
      ],
      "source": {
        "advisory": "GHSA-h4w9-6x78-8vrj",
        "discovery": "UNKNOWN"
      },
      "title": "External URLs for Deployments can include javascript in argo-cd",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31035",
          "STATE": "PUBLIC",
          "TITLE": "External URLs for Deployments can include javascript in argo-cd"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "argo-cd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.0.0, \u003c 2.1.16"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.10"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.5"
                          },
                          {
                            "version_value": "\u003e= 2.4.0, \u003c 2.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "argoproj"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj",
              "refsource": "CONFIRM",
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038",
              "refsource": "MISC",
              "url": "https://github.com/argoproj/argo-cd/commit/8bc3ef690de29c68a36f473908774346a44d4038"
            },
            {
              "name": "https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/",
              "refsource": "MISC",
              "url": "https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-h4w9-6x78-8vrj",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31035",
    "datePublished": "2022-06-27T19:10:11",
    "dateReserved": "2022-05-18T00:00:00",
    "dateUpdated": "2024-08-03T07:03:40.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31034

Vulnerability from cvelistv5

Published

2022-06-27 19:00

Modified

2024-08-03 07:03

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Insecure entropy in argo-cd

References

▼	URL	Tags
	https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v	x_refsource_CONFIRM
	https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0	x_refsource_MISC

Impacted products

▼	Vendor	Product
	argoproj	argo-cd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.11.0, \u003c 2.1.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.4.0, \u003c 2.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-27T19:00:19",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0"
        }
      ],
      "source": {
        "advisory": "GHSA-2m7h-86qq-fp4v",
        "discovery": "UNKNOWN"
      },
      "title": "Insecure entropy in argo-cd",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31034",
          "STATE": "PUBLIC",
          "TITLE": "Insecure entropy in argo-cd"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "argo-cd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.11.0, \u003c 2.1.16"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.10"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.5"
                          },
                          {
                            "version_value": "\u003e= 2.4.0, \u003c 2.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "argoproj"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-330: Use of Insufficiently Random Values"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v",
              "refsource": "CONFIRM",
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0",
              "refsource": "MISC",
              "url": "https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2m7h-86qq-fp4v",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31034",
    "datePublished": "2022-06-27T19:00:19",
    "dateReserved": "2022-05-18T00:00:00",
    "dateUpdated": "2024-08-03T07:03:40.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31036

Vulnerability from cvelistv5

Published

2022-06-27 19:15

Modified

2024-08-03 07:03

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

References

▼	URL	Tags
	https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm	x_refsource_CONFIRM
	https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd	x_refsource_MISC

Impacted products

▼	Vendor	Product
	argoproj	argo-cd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 2.1.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.4.0, \u003c 2.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD\u0027s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications\u0027 source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version \u003e=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-27T19:15:16",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd"
        }
      ],
      "source": {
        "advisory": "GHSA-q4w5-4gq2-98vm",
        "discovery": "UNKNOWN"
      },
      "title": "Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31036",
          "STATE": "PUBLIC",
          "TITLE": "Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "argo-cd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.3.0, \u003c 2.1.16"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.10"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.5"
                          },
                          {
                            "version_value": "\u003e= 2.4.0, \u003c 2.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "argoproj"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD\u0027s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications\u0027 source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version \u003e=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm",
              "refsource": "CONFIRM",
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd",
              "refsource": "MISC",
              "url": "https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q4w5-4gq2-98vm",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31036",
    "datePublished": "2022-06-27T19:15:16",
    "dateReserved": "2022-05-18T00:00:00",
    "dateUpdated": "2024-08-03T07:03:40.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2022_5153

Vulnerability from csaf_redhat

cve-2022-31016

Vulnerability from cvelistv5

cve-2022-31035

Vulnerability from cvelistv5

cve-2022-31034

Vulnerability from cvelistv5

cve-2022-31036

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature