CVE-2022-41354

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-41354
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41354.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41354
Aliases
Related
Published
2023-03-27T14:15:07.557Z
Modified
2026-04-10T04:51:19.649603Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type
GIT
Repo
https://github.com/argoproj/argo-cd
Events
Introduced
df0e2e4015c4cff4e16c8743df9d62f5ca1bdc24
Fixed
598f79236ae4160325b37342434baef4ff95d61c
Introduced
b895da457791d56f01522796a8c3cd0f583d5d91
Fixed
84fbc930161f29ebe45a7da3b2e81ee256d119c2
Introduced
acc554f3d99010e0353b498a595844b30090556f
Fixed
5bcd846fa16e4b19d8f477de7da50ec0aef320e5
Database specific 
{
    "versions": [
        {
            "introduced": "0.5.0"
        },
        {
            "fixed": "2.4.28"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.16"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.7"
        }
    ]
}

Affected versions

v0.*
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v2.*
v2.4.0
v2.4.0-rc1
v2.4.0-rc2
v2.4.0-rc3
v2.4.0-rc4
v2.4.0-rc5
v2.4.1
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.14
v2.4.15
v2.4.16
v2.4.17
v2.4.18
v2.4.19
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.25
v2.4.26
v2.4.27
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.1
v2.5.10
v2.5.11
v2.5.12
v2.5.13
v2.5.14
v2.5.15
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41354.json"