Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade.
History

Wed, 07 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Argoproj
Argoproj argo Cd
CPEs cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation argo-cd
Argoproj
Argoproj argo Cd

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-06-25T07:40:10

Updated: 2024-08-03T07:03:40.240Z

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-31016

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-25T08:15:09.307

Modified: 2024-11-21T07:03:43.183

Link: CVE-2022-31016

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-06-15T00:00:00Z

Links: CVE-2022-31016 - Bugzilla