-
Notifications
You must be signed in to change notification settings - Fork 57
/
argo-cd-2.12.advisories.yaml
119 lines (113 loc) · 3.46 KB
/
argo-cd-2.12.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
schema-version: 2.0.2
package:
name: argo-cd-2.12
advisories:
- id: CGA-59fg-fwfg-r72p
aliases:
- CVE-2024-35255
- GHSA-m5vv-6r4h-3vj9
events:
- timestamp: 2024-08-06T23:01:36Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 6649e83b9b682b57
componentName: github.com/Azure/azure-sdk-for-go/sdk/azidentity
componentVersion: v1.1.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-08-16T12:45:37Z
type: pending-upstream-fix
data:
note: This vulnerability requires upstream changes to upgrade a strict dependency 'github.com/Azure/kubelogin' from the current v0.0.20 version to v0.1.3 which does not contain any vulnerable code.
- id: CGA-cqgw-hf7g-vm4x
aliases:
- CVE-2024-34155
- GHSA-8xfx-rj4p-23jm
events:
- timestamp: 2024-09-10T07:12:40Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 93ba1e2cd6e62782
componentName: stdlib
componentVersion: go1.23.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-09-12T00:39:32Z
type: fixed
data:
fixed-version: 2.12.3-r1
- id: CGA-w23p-x3vf-72hx
aliases:
- CVE-2024-5321
- GHSA-82m2-cv7p-4m75
events:
- timestamp: 2024-08-06T23:01:35Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 61c300fe1902f686
componentName: k8s.io/kubernetes
componentVersion: v1.29.6
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-08-16T12:45:19Z
type: pending-upstream-fix
data:
note: This vulnerability requires code changes in the upstream repository and an upgrade of the used Kubernetes version with potential unexpected results.
- timestamp: 2024-09-12T00:39:32Z
type: fixed
data:
fixed-version: 2.12.3-r1
- id: CGA-x55r-5fg4-3vxv
aliases:
- CVE-2024-34156
- GHSA-crqm-pwhx-j97f
events:
- timestamp: 2024-09-10T07:12:42Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 93ba1e2cd6e62782
componentName: stdlib
componentVersion: go1.23.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-09-12T00:39:33Z
type: fixed
data:
fixed-version: 2.12.3-r1
- id: CGA-xvph-r2q6-xwhx
aliases:
- CVE-2024-34158
- GHSA-j7vj-rw65-4v26
events:
- timestamp: 2024-09-10T07:12:43Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 93ba1e2cd6e62782
componentName: stdlib
componentVersion: go1.23.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-09-12T00:39:33Z
type: fixed
data:
fixed-version: 2.12.3-r1