CNNVD-202601-4445 Information
CNNVD ID
CNNVD-202601-4445
Related CVE
-
CNNVD Published: 2026-01-27
Description (Chinese)
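Kargo is an open-source continuous delivery tool from Akuity. Versions of Kargo before 1.8.7, before 1.7.7 and before 1.6.3 contain a security vulnerability. It stems from flawed authentication checks in the GetConfig and RefreshResource API endpoints, which may allow unauthenticated users to access configuration data or carry out denial-of-service attacks.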
Description (English)
Kargo is an open-source continuous delivery tool from Akuity. Kargo versions before 1.8.7, before 1.7.7 and before 1.6.3 contain a security vulnerability that stems from flawed authentication checks in the GetConfig and RefreshResource API endpoints, which may allow unauthenticated users to access configuration data or carry out denial-of-service attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Akuity
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/akuity/kargo/commit/23646eaefb449a6cc2e76a8033e8a57f71369772
https://github.com/akuity/kargo/commit/aa28f81ac15ad871c6eba329fc2f0417a08c39d7
https://github.com/akuity/kargo/commit/b3297ace0d3b9e7f7128858c5c4288d77f072b8c
https://github.com/akuity/kargo/security/advisories/GHSA-w5wv-wvrp-v5m5
Patch
https://github.com/akuity/kargo/releases