x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516

GoVulnBot · 2022-07-12T22:01:09Z

CVE-2022-1025 references github.com/argoproj/argo-cd, which may be a Go module.

Description:
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

Links:

See doc/triage.md for instructions on how to triage this report.

packages:
  - module: github.com/argoproj/argo-cd
    package: ArgoCD
description: |
    All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.
cves:
  - CVE-2022-1025
links:
    context:
      - https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww

The text was updated successfully, but these errors were encountered:

neild · 2022-07-27T22:20:35Z

Vulnerability in tool.

gopherbot · 2024-06-14T19:53:14Z

Change https://go.dev/cl/592768 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:35:34Z

Change https://go.dev/cl/607220 mentions this issue: data/reports: unexclude 20 reports (18)

- data/reports/GO-2022-0507.yaml - data/reports/GO-2022-0508.yaml - data/reports/GO-2022-0509.yaml - data/reports/GO-2022-0510.yaml - data/reports/GO-2022-0511.yaml - data/reports/GO-2022-0512.yaml - data/reports/GO-2022-0516.yaml - data/reports/GO-2022-0517.yaml - data/reports/GO-2022-0518.yaml - data/reports/GO-2022-0540.yaml - data/reports/GO-2022-0547.yaml - data/reports/GO-2022-0550.yaml - data/reports/GO-2022-0554.yaml - data/reports/GO-2022-0556.yaml - data/reports/GO-2022-0559.yaml - data/reports/GO-2022-0560.yaml - data/reports/GO-2022-0561.yaml - data/reports/GO-2022-0562.yaml - data/reports/GO-2022-0566.yaml - data/reports/GO-2022-0570.yaml Updates #507 Updates #508 Updates #509 Updates #510 Updates #511 Updates #512 Updates #516 Updates #517 Updates #518 Updates #540 Updates #547 Updates #550 Updates #554 Updates #556 Updates #559 Updates #560 Updates #561 Updates #562 Updates #566 Updates #570 Change-Id: I3197ea86e01d2ed4ae9e7f17dbd7a3e495c903e4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607220 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

neild self-assigned this Jul 27, 2022

neild added the NotGoVuln label Jul 27, 2022

neild closed this as completed Jul 27, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 10, 2022

GoVulnBot mentioned this issue Feb 8, 2023

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-25163 #1548

Closed

GoVulnBot mentioned this issue Feb 16, 2023

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-23947 #1577

Closed

GoVulnBot mentioned this issue Mar 27, 2023

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-41354 #1679

Closed

This was referenced Aug 23, 2023

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-c8xw-vjgf-94hr #2018

Closed

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40025 #2019

Closed

This was referenced Sep 8, 2023

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40029 #2049

Closed

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40584 #2050

Closed

GoVulnBot mentioned this issue Sep 27, 2023

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40026 #2086

Closed

GoVulnBot mentioned this issue Jan 19, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-22424 #2470

Closed

This was referenced Mar 18, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652

Closed

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6v85-wr92-q4p7 #2654

Closed

GoVulnBot mentioned this issue Apr 15, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-31990 #2728

Closed

GoVulnBot mentioned this issue Apr 26, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-32476 #2792

Closed

This was referenced May 21, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

Closed

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-31989 #2877

Closed

This was referenced Jun 7, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-36106 #2898

Closed

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-37152 #2902

Closed

GoVulnBot mentioned this issue Jul 24, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-41666 #3006

Closed

This was referenced Jan 28, 2025

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-58fx-7v9q-3g56 #3427

Closed

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2025-23216 #3433

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516

GoVulnBot commented Jul 12, 2022

neild commented Jul 27, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516

Comments

GoVulnBot commented Jul 12, 2022

neild commented Jul 27, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024