x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

GoVulnBot · 2024-05-21T19:01:34Z

In GitHub Security Advisory GHSA-9766-5277-j5hr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/argoproj/argo-cd		<= 1.8.7

Cross references:

Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24348 #304 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24730 #357 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24731 #358 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24768 #359 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6w87-g839-9wv7 #387 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24904 #453 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24905 #454 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-29165 #455 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31016 #495 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31034 #497 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31035 #498 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31036 #499 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31102 #517 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31105 #518 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-qq5v-f4c3-395c #869 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/util/session: GHSA-vj54-cjrx-x696 #882 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/util/cache: GHSA-xcqr-9h24-vrgw #892 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6p4m-hw2h-6gmw #1512 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-q9hr-j4rf-8fjc #1520 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-23947 #1577 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-2q5c-qw9c-fmvq #1670 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-2q5c-qw9c-fmvq #1670 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-xj7v-c82w-92q2 #1952 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-c8xw-vjgf-94hr #2018 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40029 #2049 NOT_IMPORTABLE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40584 #2050 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-6jqw-jwf5-rp8h #2085 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-22424 #2470 EFFECTIVELY_PRIVATE
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-25163 #1548
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-g623-jcgg-mhmm #2643
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-g623-jcgg-mhmm #2643
Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-jwv5-8mqv-g387 #2646
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-jwv5-8mqv-g387 #2646
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-2vgg-9h6w-m454 #2652
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6v85-wr92-q4p7 #2654
Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-jhwx-mhww-rgc3 #2667

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/argoproj/argo-cd
      non_go_versions:
        - {}
      vulnerable_at: 1.8.6
      packages:
        - package: github.com/argoproj/argo-cd
    - module: github.com/argoproj/argo-cd
      non_go_versions:
        - fixed: 2.8.19
      vulnerable_at: 1.8.6
      packages:
        - package: github.com/argoproj/argo-cd/v2
    - module: github.com/argoproj/argo-cd/v2
      versions:
        - introduced: 2.9.0-rc1
          fixed: 2.9.15
        - introduced: 2.10.0-rc1
          fixed: 2.10.10
        - introduced: 2.11.0-rc1
          fixed: 2.11.1
      vulnerable_at: 2.11.0
      packages:
        - package: github.com/argoproj/argo-cd/v2
summary: |-
    ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis
    Cache in github.com/argoproj/argo-cd
cves:
    - CVE-2024-31989
ghsas:
    - GHSA-9766-5277-j5hr
references:
    - advisory: https://github.com/advisories/GHSA-9766-5277-j5hr
    - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr
    - fix: https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d
    - fix: https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678
    - fix: https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c
    - fix: https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff
    - fix: https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12
    - fix: https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07
    - fix: https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994
    - fix: https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0
source:
    id: GHSA-9766-5277-j5hr
    created: 2024-05-21T19:01:33.911074972Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

tatianab · 2024-06-05T18:41:31Z

Duplicate of #2877

tatianab added the possible duplicate label May 22, 2024

tatianab marked this as a duplicate of #2877 Jun 5, 2024

tatianab closed this as completed Jun 5, 2024

tatianab added duplicate and removed possible duplicate labels Jun 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

GoVulnBot commented May 21, 2024

tatianab commented Jun 5, 2024

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-9766-5277-j5hr #2876

Comments

GoVulnBot commented May 21, 2024

tatianab commented Jun 5, 2024