CNNVD-202509-4433 Information
CNNVD ID
CNNVD-202509-4433
Related CVE
- CNNVD Published: 2025-09-30
Description (Chinese)
Argo CD是Argo开源的一个用于Kubernetes的声明性GitOps连续交付工具。 Argo CD存在竞争条件问题漏洞,该漏洞源于存储库凭据处理程序存在竞争条件,可能导致拒绝服务攻击。以下版本受到影响:2.1.0版本至2.14.19版本、3.2.0-rc1版本、3.1.0-rc1版本至3.1.7版本和3.0.0-rc1版本至3.0.18版本。
Description (English)
Argo CD is a declaratory Gitops continuum delivery tool for Kubernetes, an open source of Argo. Argo CD has a loophole on the issue of competitive conditions, which stems from the existence of competitive conditions in the repository’s documented procedures, which may lead to denial of service attacks. The following versions were affected: 2.1.0 to 2.14.19, 3.2.0-rc1, 3.1.0-rc1 to 3.1.7 and 3.0.0-rc1 to 3.0.18.
Hazard Level
High
Vulnerability Type
竞争条件问题
Affected Vendor
Argo
Published
2025-09-30
Last Modified
2026-02-24
References
https://github.com/argoproj/argo-cd/commit/701bc50d01c752cad96185f848088d287a97c7b7 https://github.com/argoproj/argo-cd/pull/6103 https://github.com/argoproj/argo-cd/security/advisories/GHSA-g88p-r42r-ppp9
Patch
https://argo-cd.readthedocs.io/en/stable/
Share on: