Lucene search
GoogleOSV:GO-2024-2643HistoryMar 22, 2024 - 6:12 p.m.
Bypass manifest during application creation in github.com/argoproj/argo-cd/v2
2024-03-2218:12:03
Google
osv.dev
11
github
argo cd
validation bug
manifest approval
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
15.5%
An improper validation bug allows users who have create privileges to sync a local manifest during application creation. This allows for bypassing the restriction that the manifests come from some approved git/Helm/OCI source.
Related
prion
prion
Input validation
2024-03-13 21:15:00
osv
osv
CGA-2hpg-6cmm-v45c
2024-06-06 12:21:02
CGA-jgmf-m3v3-cw6g
2024-06-06 12:26:06
Users with `create` but not `override` privileges can perform local sync
2024-03-15 16:33:19
cve
cve
CVE-2023-50726
2024-03-13 21:15:54
redhatcve
redhatcve
CVE-2023-50726
2024-03-14 05:07:12
cvelist
cvelist
nvd
nvd
CVE-2023-50726
2024-03-13 21:15:54
cgr
cgr
CVE-2023-50726 vulnerabilities
2024-05-19 03:07:16
github
github
Users with `create` but not `override` privileges can perform local sync
2024-03-15 16:33:19
veracode
veracode
Improper Privilege Management
2024-03-15 06:13:08
nessus
nessus
redhat
redhat
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
15.5%
Related for OSV:GO-2024-2643