argo-cd-2.11.advisories.yaml
schema-version: 2.0.2

package:
  name: argo-cd-2.11

advisories:
  - id: CGA-3p4m-43fq-9wcj
    aliases:
      - CVE-2024-31989
      - GHSA-9766-5277-j5hr
    events:
      - timestamp: 2024-05-22T09:28:07Z
        type: fixed
        data:
          fixed-version: 2.11.1-r0

  - id: CGA-7jjf-w6c7-6c3h
    aliases:
      - CVE-2024-35255
      - GHSA-m5vv-6r4h-3vj9
    events:
      - timestamp: 2024-06-12T07:15:26Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: argo-cd-2.11
            componentID: 7bb65defce74b22c
            componentName: github.com/Azure/azure-sdk-for-go/sdk/azidentity
            componentVersion: v1.1.0
            componentType: go-module
            componentLocation: /usr/bin/argocd
            scanner: grype
      - timestamp: 2024-06-27T01:35:56Z
        type: pending-upstream-fix
        data:
          note: This vulnerability requires upstream changes to upgrade a strict dependency 'github.com/Azure/kubelogin' from the current v0.0.20 version to v0.1.3 which does not contain any vulnerable code.

  - id: CGA-85j3-qgpc-pc4f
    aliases:
      - CVE-2024-40634
      - GHSA-jmvp-698c-4x3w
    events:
      - timestamp: 2024-07-23T09:28:00Z
        type: fixed
        data:
          fixed-version: 2.11.6-r0

  - id: CGA-8x39-9j48-5wcw
    aliases:
      - CVE-2024-6104
      - GHSA-v6v8-xj6m-xwqh
    events:
      - timestamp: 2024-06-25T07:05:44Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: argo-cd-2.11
            componentID: 6b5d20c11cef20fb
            componentName: github.com/hashicorp/go-retryablehttp
            componentVersion: v0.7.4
            componentType: go-module
            componentLocation: /usr/bin/argocd
            scanner: grype
      - timestamp: 2024-06-26T21:39:47Z
        type: fixed
        data:
          fixed-version: 2.11.3-r1

  - id: CGA-gh74-cvjm-rgxp
    aliases:
      - CVE-2024-3177
      - GHSA-pxhw-596r-rwq5
    events:
      - timestamp: 2024-05-13T21:15:53Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: argo-cd-2.11
            componentID: 72104acd8274410c
            componentName: k8s.io/kubernetes
            componentVersion: v1.26.11
            componentType: go-module
            componentLocation: /usr/bin/argocd
            scanner: grype
      - timestamp: 2024-05-16T14:35:56Z
        type: pending-upstream-fix
        data:
          note: Any upgrade on the Kubernetes dependencies causes conflicts due to a strict dependency on github.com/argoproj/gitops-engine which supports Kubernetes v1.23 while the non-vulnerable code is on Kubernetes v1.27.13.

  - id: CGA-mjhh-6qj8-p5gj
    aliases:
      - CVE-2024-5321
      - GHSA-82m2-cv7p-4m75
    events:
      - timestamp: 2024-07-19T07:05:14Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: argo-cd-2.11
            componentID: 3226efae9ba98fa4
            componentName: k8s.io/kubernetes
            componentVersion: v1.26.11
            componentType: go-module
            componentLocation: /usr/bin/argocd
            scanner: grype
      - timestamp: 2024-07-25T16:45:06Z
        type: pending-upstream-fix
        data:
          note: Any upgrade on the Kubernetes dependencies causes conflicts due to a strict dependency on github.com/argoproj/gitops-engine which supports Kubernetes v1.23 while the non-vulnerable code is on Kubernetes v1.27.16.

  - id: CGA-w6mf-rxg5-j7gh
    aliases:
      - GHSA-mh55-gqvf-xfwm
    events:
      - timestamp: 2024-07-06T08:07:12Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: argo-cd-2.11
            componentID: 6e7965b9739267b9
            componentName: github.com/rs/cors
            componentVersion: v1.9.0
            componentType: go-module
            componentLocation: /usr/bin/argocd
            scanner: grype
      - timestamp: 2024-07-06T09:16:26Z
        type: fixed
        data:
          fixed-version: 2.11.4-r2