CVE-2022-1025

Incorrect Authorization in go/github.com/argoproj/argo-cd/v2

Identifiers

GHSA-96jv-vj39-x4j6, CVE-2022-1025

Package Slug

go/github.com/argoproj/argo-cd/v2

Vulnerability

Incorrect Authorization

Description

All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

Affected Versions

All versions before 2.1.14, all versions starting from 2.2.0 before 2.2.8, all versions starting from 2.3.0 before 2.3.2

Solution

Upgrade to versions 2.1.14, 2.2.8, 2.3.2 or above.

Last Modified

2022-07-24

source