CVE-2025-23216 in argo-cd정보

요약

\~에 의해 MITRE • 2025. 01. 30.

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub M

예약하다

2025. 01. 13.

공개

2025. 01. 30.

모더레이션

수락

항목

VDB-294128

CPE

준비됨

CWE

CWE-209 (확인됨)

CVSS

6.8 (NVD)

EPSS

0.00156

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-23216
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-23216
CVE Details	https://www.cvedetails.com/cve/CVE-2025-23216/

◂ 이전 개요 다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!