x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2025-23216 · Issue #3433 · golang/vulndb · GitHub
x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2025-23216 #3433
Closed
@GoVulnBot

Advisory CVE-2025-23216 references a vulnerability in the following Go modules:

Module
github.com/argoproj/argo-cd

Description:
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to the repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13...

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/argoproj/argo-cd
      vulnerable_at: 1.8.6
summary: CVE-2025-23216 in github.com/argoproj/argo-cd
cves:
    - CVE-2025-23216
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-23216
    - fix: https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107
    - fix: https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca
    - web: https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v
source:
    id: CVE-2025-23216
    created: 2025-01-30T17:01:22.197962218Z
review_status: UNREVIEWED
