
x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

Closed
GoVulnBot opened this issue May 21, 2024 · 1 comment


@GoVulnBot

In GitHub Security Advisory GHSA-9766-5277-j5hr, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/argoproj/argo-cd | | <= 1.8.7 |

Cross references:

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/argoproj/argo-cd
      non_go_versions:
        - {}
      vulnerable_at: 1.8.6
      packages:
        - package: github.com/argoproj/argo-cd
    - module: github.com/argoproj/argo-cd
      non_go_versions:
        - fixed: 2.8.19
      vulnerable_at: 1.8.6
      packages:
        - package: github.com/argoproj/argo-cd/v2
    - module: github.com/argoproj/argo-cd/v2
      versions:
        - introduced: 2.9.0-rc1
          fixed: 2.9.15
        - introduced: 2.10.0-rc1
          fixed: 2.10.10
        - introduced: 2.11.0-rc1
          fixed: 2.11.1
      vulnerable_at: 2.11.0
      packages:
        - package: github.com/argoproj/argo-cd/v2
summary: |-
    ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis
    Cache in github.com/argoproj/argo-cd
cves:
    - CVE-2024-31989
ghsas:
    - GHSA-9766-5277-j5hr
references:
    - advisory: https://github.com/advisories/GHSA-9766-5277-j5hr
    - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr
    - fix: https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d
    - fix: https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678
    - fix: https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c
    - fix: https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff
    - fix: https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12
    - fix: https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07
    - fix: https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994
    - fix: https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0
source:
    id: GHSA-9766-5277-j5hr
    created: 2024-05-21T19:01:33.911074972Z
review_status: UNREVIEWED

@tatianab

tatianab commented Jun 5, 2024

Duplicate of #2877

@tatianab tatianab marked this as a duplicate of #2877 Jun 5, 2024
@tatianab tatianab closed this as completed Jun 5, 2024