CVE-2025-23216

Medium CVSS: 6.8

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.

Vendor

Argoproj

Product

Argo Cd

CWE

CWE-200

Yayın Tarihi

2025-01-30 16:15:31

Güncelleme

2025-06-06 15:44:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Argo Cd MEDIUM Argoproj 2025

Referanslar

https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107 https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca

Benzer Kayıtlar

High

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.…

Critical

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t…

High

CVE-2026-23960

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t…

High

CVE-2025-66626

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Wo…