DirectorySecurity Advisories
Sign In
Security Advisories

CGA-fxpp-vhvq-393r

Published

Last updated

https://images.chainguard.dev/security/CGA-fxpp-vhvq-393r
Package

argo-cd-2.11

Latest Update
Fixed
Fixed Version

2.11.13-r0

Aliases
  • CVE-2025-23216
  • GHSA-47g2-qmh2-749v

Severity

6.8

Medium

CVSS V3

Summary

Argo CD does not scrub secret values from patch errors

Description

Impact

A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository.

The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data.

Patches

A patch for this vulnerability is available in the following Argo CD versions:

  • v2.13.4
  • v2.12.10
  • v2.11.13

Workarounds

There is no workaround other than upgrading.

References

Fixed with commit https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107 & https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation