PT-2025-4855 · Argo Cd+1 · Argo Cd+1
Jannfis
+1
·
Publicado
2025-01-30
·
Atualizado
2025-06-06
·
CVE-2025-23216
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Argo CD versions prior to v2.13.4
Argo CD versions prior to v2.12.10
Argo CD versions prior to v2.11.13
Description
A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data.
Recommendations
For versions prior to v2.13.4, update to v2.13.4 or later to fix the vulnerability.
For versions prior to v2.12.10, update to v2.12.10 or later to fix the vulnerability.
For versions prior to v2.11.13, update to v2.11.13 or later to fix the vulnerability.
As a temporary workaround is not available, upgrading to the specified versions is the recommended course of action.
Exploit
Correção
Generation of Error Message Containing Sensitive Information
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Argo Cd
Suse