cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41354,https://securityvulnerability.io/vulnerability/CVE-2022-41354,Access Control Flaw in Argo CD by Argo,"An access control vulnerability in Argo CD versions up to 2.4.12 permits unauthenticated users to enumerate existing applications, potentially exposing sensitive information and application configurations. This flaw emphasizes the need for robust authentication measures to prevent unauthorized access and ensure the integrity of application data.",Linux,Argo-cd,4.3,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-03-27T00:00:00.000Z,0
CVE-2022-24348,https://securityvulnerability.io/vulnerability/CVE-2022-24348,Directory Traversal Vulnerability in Argo CD by Argo Project,"A directory traversal vulnerability in Argo CD enables attackers to exploit improper access controls, allowing them to traverse directories and potentially access sensitive information, such as credentials stored in YAML files. This flaw arises from an issue in the helmTemplate function within repository.go, affecting installations of Argo CD that are prior to versions 2.1.9 or 2.2.4. If successfully exploited, this vulnerability could lead to data breaches, posing significant risks to deployed applications and underlying infrastructure.",Linux,Argo-cd,7.7,HIGH,0.0008200000156648457,false,,false,false,true,2022-02-06T13:39:57.000Z,true,false,false,,2022-02-04T20:26:21.000Z,0
CVE-2021-26924,https://securityvulnerability.io/vulnerability/CVE-2021-26924,,An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.,Linux,Argo-cd,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-03-15T14:42:59.000Z,0
CVE-2021-26923,https://securityvulnerability.io/vulnerability/CVE-2021-26923,,"An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.",Linux,Argo-cd,7.5,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2021-03-15T14:40:02.000Z,0