CVE-2025-23216
MEDIUM6.8EPSS 0.16%Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
發布日:2025/1/30修改日:2026/2/4
描述
Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
受影響套件(5)
- Bitnami/argo-cdfrom 0, < 2.13.4
- Go/github.com/argoproj/argo-cdfrom 0, <= 1.8.7
- Go/github.com/argoproj/argo-cdfrom 0
- Go/github.com/argoproj/argo-cd/v2>= 2.13.0, < 2.13.4
- Go/github.com/argoproj/argo-cd/v2from 0, < 2.11.13, >= 2.12.0, < 2.12.10, >= 2.13.0, < 2.13.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-23216
- PATCHhttps://github.com/argoproj/argo-cd
- WEBhttps://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107
- WEBhttps://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v
- WEBhttps://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca
- WEBhttps://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j