x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652

GoVulnBot · 2024-03-18T21:01:29Z

In GitHub Security Advisory GHSA-2vgg-9h6w-m454, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/argoproj/argo-cd	2.10.4	>= 2.10.0, < 2.10.4

Cross references:

Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24348 #304 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24730 #357 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24731 #358 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24768 #359 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6w87-g839-9wv7 #387 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24904 #453 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24905 #454 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-29165 #455 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31016 #495 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31034 #497 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31035 #498 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31036 #499 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31102 #517 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31105 #518 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/util/session: GHSA-vj54-cjrx-x696 #882 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/util/cache: GHSA-xcqr-9h24-vrgw #892 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6p4m-hw2h-6gmw #1512 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-q9hr-j4rf-8fjc #1520 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-23947 #1577 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-2q5c-qw9c-fmvq #1670 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-c8xw-vjgf-94hr #2018 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40029 #2049 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40584 #2050 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-22424 #2470 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/argoproj/argo-cd
      versions:
        - introduced: 2.10.0
          fixed: 2.10.4
      packages:
        - package: github.com/argoproj/argo-cd
    - module: github.com/argoproj/argo-cd
      versions:
        - introduced: 2.9.0
          fixed: 2.9.9
      packages:
        - package: github.com/argoproj/argo-cd
    - module: github.com/argoproj/argo-cd
      versions:
        - fixed: 2.8.13
      packages:
        - package: github.com/argoproj/argo-cd
summary: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
cves:
    - CVE-2024-21662
ghsas:
    - GHSA-2vgg-9h6w-m454
references:
    - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454
    - advisory: https://github.com/advisories/GHSA-2vgg-9h6w-m454

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-03-21T22:44:43Z

Change https://go.dev/cl/573556 mentions this issue: data/reports: add GO-2024-2652.yaml

tatianab · 2024-08-20T19:09:56Z

Review for appropriate use of alias vs related

timothy-king self-assigned this Mar 19, 2024

timothy-king mentioned this issue Mar 21, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-x32m-mvfj-52xv #2651

Closed

gopherbot closed this as completed in ccfc322 Mar 22, 2024

GoVulnBot mentioned this issue Mar 29, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-jhwx-mhww-rgc3 #2667

Closed

GoVulnBot mentioned this issue May 21, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

Closed

tatianab reopened this Aug 20, 2024

tatianab assigned tatianab and unassigned timothy-king Aug 20, 2024

tatianab closed this as completed Aug 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652

GoVulnBot commented Mar 18, 2024

gopherbot commented Mar 21, 2024

tatianab commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652

Comments

GoVulnBot commented Mar 18, 2024

gopherbot commented Mar 21, 2024

tatianab commented Aug 20, 2024