CVE-2023-22736

Description

Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

Affected packages (3)

• Go/github.com/argoproj/argo-cdfrom 0
• Go/github.com/argoproj/argo-cd/v2>= 2.5.0-rc1, < 2.5.8
• Go/github.com/argoproj/argo-cd/v2>= 2.5.0-rc1, < 2.5.8, >= 2.6.0-rc4, < 2.6.0-rc5

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-22736
• PATCHhttps://github.com/argoproj/argo-cd
• WEBhttps://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw