CNNVD-202510-011 Information

CNNVD ID

CNNVD-202510-011

CVE-2025-59531

  • CNNVD Published: 2025-10-01

Description (Chinese)

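Argo CD is an open-source declarative GitOps continuous delivery tool for Kubernetes from Argo. Argo CD contains a security vulnerability that stems from webhook.bitbucketserver.secret not being configured when handling malicious API requests, which may lead to a denial-of-service attack. The following versions are affected: 1.8.7 and earlier, 2.14.19 and earlier, 3.2.0-rc1 and earlier, version 3.1.7, and version 3.0.18.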

Description (English)

Argo CD is a declarative GitOps continuous delivery tool for Kubernetes, open-sourced by Argo. Argo CD has a security vulnerability that stems from webhook.bitbucketserver.secret not being configured when malicious API requests are processed, which may lead to a denial-of-service attack. The following versions are affected: 1.8.7 and earlier, 2.14.19 and earlier, 3.2.0-rc1 and earlier, 3.1.7 and 3.0.18.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Argo

Published

2025-10-01

Last Modified

2026-02-24

References

https://github.com/argoproj/argo-cd/commit/5c466a4e39802e059e75c0008ae7b7b8e842538f

https://github.com/argoproj/argo-cd/security/advisories/GHSA-f9gq-prrc-hrhc

Patch

https://argo-cd.readthedocs.io/en/stable/
