CVE-2025-23216

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-23216

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23216.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-23216

Aliases

Downstream

SUSE-SU-2025:0429-1

openSUSE-SU-2025:14732-1

Related

Published

2025-01-30T15:30:05.405Z

Modified

2026-03-14T12:42:13.034997Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

Argo CD does not scrub secret values from patch errors

Details

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.

Database specific

{
    "cwe_ids": [
        "CWE-200",
        "CWE-209"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23216.json"
}

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type

GIT

Repo

https://github.com/argoproj/argo-cd

Events

Introduced

347f221adba5599ef4d5f12ee572b2c17d01db4d

Fixed

102853d31a22e2031ad76bdc0b673d61c7c2cd89

Database specific

{
    "versions": [
        {
            "introduced": "2.13.0"
        },
        {
            "fixed": "2.13.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/argoproj/argo-cd

Events

Introduced

ec30a48bce7a60046836e481cd2160e28c59231d

Fixed

6c2db334e9540279717c9dd91dda5a93cd466cfe

Database specific

{
    "versions": [
        {
            "introduced": "2.12.0"
        },
        {
            "fixed": "2.12.10"
        }
    ]
}

Type

GIT

Repo

https://github.com/argoproj/argo-cd

Events

Introduced

Fixed

bc51fa16de64271ba7aa973af94479e87b579899

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.11.13"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.0

v0.4.0-alpha1

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v2.*

v2.11.0

v2.11.0-rc1

v2.11.0-rc2

v2.11.0-rc3

v2.11.1

v2.11.10

v2.11.11

v2.11.12

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.8

v2.11.9

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.12.6

v2.12.7

v2.12.8

v2.12.9

v2.13.0

v2.13.1

v2.13.2

v2.13.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23216.json"

Git / github.com/argoproj/gitops-engine

Affected ranges

Type: GIT
Repo: https://github.com/argoproj/gitops-engine
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7e21b91e9d0f64104c8a661f3f390c5e6d73ddca

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23216.json"