<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-04-30T20:51:23.326649+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/15ed3a78-abf3-45aa-9dc4-1eee9a25edf8/export</id>
    <title>15ed3a78-abf3-45aa-9dc4-1eee9a25edf8</title>
    <updated>2026-04-30T20:51:23.690541+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "15ed3a78-abf3-45aa-9dc4-1eee9a25edf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-274V-MGCV-CM8J", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3500", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-47g2-qmh2-749v\n\ud83d\udd25 CVSS Score: 5.9 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nA vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. \n\nThe vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data.\n\n### Patches\nA patch for this vulnerability is available in the following Argo CD versions:\n- v2.13.4\n- v2.12.10\n- v2.11.13\n\n### Workarounds\nThere is no workaround other than upgrading.\n\n### References\nFixed with commit https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107 &amp;amp; https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca\n\n\ud83d\udccf Published: 2025-01-30T17:52:45Z\n\ud83d\udccf Modified: 2025-01-30T17:52:45Z\n\ud83d\udd17 References:\n1. https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v\n2. https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j\n3. https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107\n4. https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca\n5. https://github.com/argoproj/argo-cd", "creation_timestamp": "2025-01-30T18:12:25.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/15ed3a78-abf3-45aa-9dc4-1eee9a25edf8/export"/>
    <published>2025-01-30T18:12:25+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/01cb136c-c762-44de-899b-db36167ecffc/export</id>
    <title>01cb136c-c762-44de-899b-db36167ecffc</title>
    <updated>2026-04-30T20:51:23.687862+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "01cb136c-c762-44de-899b-db36167ecffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-274V-MGCV-CM8J", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3502", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-274v-mgcv-cm8j\n\ud83d\udd25 CVSS Score: 5.9 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\nA vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. \n\nThe vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data.\n\n### Patches\nA patch for this vulnerability is available in the following Argo CD versions:\n- v2.13.4\n- v2.12.10\n- v2.11.13\n\n### Workarounds\nThere is no workaround other than upgrading.\n\n### References\nFixed with commit https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107 &amp;amp; https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca\n\n\ud83d\udccf Published: 2025-01-30T17:51:33Z\n\ud83d\udccf Modified: 2025-01-30T17:51:33Z\n\ud83d\udd17 References:\n1. https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v\n2. https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j\n3. https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107\n4. https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca\n5. https://github.com/argoproj/gitops-engine", "creation_timestamp": "2025-01-30T18:12:30.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/01cb136c-c762-44de-899b-db36167ecffc/export"/>
    <published>2025-01-30T18:12:30+00:00</published>
  </entry>
</feed>
