CVE-2025-47933

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-47933
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47933.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-47933
Aliases
Related
Published
2025-05-29T20:15:27Z
Modified
2025-05-31T06:27:09.890132Z
Downstream
Summary
[none]
Details

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type
GIT
Repo
https://github.com/argoproj/argo-cd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1

Affected versions

v0.*

v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.0-alpha1
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0