CNNVD-202509-429 Information
CNNVD ID
CNNVD-202509-429
Related CVE
- CNNVD Published: 2025-09-04
Description (Chinese)
Argo CD是Argo开源的一个用于Kubernetes的声明性GitOps连续交付工具。 Argo CD存在信息泄露漏洞,该漏洞源于项目级权限API令牌可检索敏感仓库凭据。以下版本受到影响:2.13.0至2.13.8版本、2.14.0至2.14.15版本、3.0.0至3.0.12版本和3.1.0-rc1至3.1.1版本。
Description (English)
Argo CD is a declaratory Gitops continuum delivery tool for Kubernetes, an open source of Argo. The Argo CD has a leaky information loophole, which stems from the project-level access API tokens that can be retrieved from sensitive warehouses. The following versions were affected: 2.1.3 to 2.13.8, 2.1.4 to 2.14.15, 3.0.0 to 3.0.12 and 3.1.0-rc1 to 3.1.1.
Hazard Level
Low
Vulnerability Type
信息泄露
Affected Vendor
Argo
Published
2025-09-04
Last Modified
2026-02-24
References
https://github.com/argoproj/argo-cd/commit/e8f86101f5378662ae6151ce5c3a76e9141900e8 https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff
Patch
https://argo-cd.readthedocs.io/en/stable/
Share on: