Vulnerability Database
Blog
FAQ
Docs
GO-2022-0497
See a problem?
Source
https://pkg.go.dev/vuln/GO-2022-0497
Import Source
https://vuln.go.dev/ID/GO-2022-0497.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2022-0497
Aliases
CVE-2022-31034
GHSA-2m7h-86qq-fp4v
Published
2024-08-21T15:11:33Z
Modified
2024-08-21T15:26:57.452148Z
Summary
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
Details
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
References
https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v
https://nvd.nist.gov/vuln/detail/CVE-2022-31034
https://github.com/argoproj/argo-cd/commit/17f7f4f462bdb233e1b9b36f67099f41052d8cb0
Affected packages
Go
/
github.com/argoproj/argo-cd
Package
Name
github.com/argoproj/argo-cd
View open source insights on deps.dev
Purl
pkg:golang/github.com/argoproj/argo-cd
Affected ranges
Type
SEMVER
Events
Introduced
0.11.0
Go
/
github.com/argoproj/argo-cd/v2
Package
Name
github.com/argoproj/argo-cd/v2
View open source insights on deps.dev
Purl
pkg:golang/github.com/argoproj/argo-cd/v2
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2.1.16
Introduced
2.2.0
Fixed
2.2.10
Introduced
2.3.0
Fixed
2.3.5
Introduced
2.4.0
Fixed
2.4.1
GO-2022-0497 - OSV