GHSA-96jv-vj39-x4j6, CVE-2022-1025
go/github.com/argoproj/argo-cd/v2
Incorrect Authorization
All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.
All versions before 2.1.14, all versions starting from 2.2.0 before 2.2.8, all versions starting from 2.3.0 before 2.3.2
Upgrade to versions 2.1.14, 2.2.8, 2.3.2 or above.
2022-07-24
source |