Approved changes feed: RSS · Atom
cpe:2.3:a:kubernetes:argo-cd:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15) |
|---|---|
| Product | Argo Cd (1d7448d2-9582-5a1c-ae3b-5caaf6c900fe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-31990 |
vulnerable | 2026-06-03 14:55:40.497081 |
Argo CD' API server does not enforce project sourceNamespaces
MEDIUM (4.8)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.
Published: 2024-04-15T19:52:55.718Z
Updated: 2024-08-02T01:59:50.786Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.