forked from wolfi-dev/advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
argo-cd-2.9.advisories.yaml
118 lines (108 loc) · 3.01 KB
/
argo-cd-2.9.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
schema-version: 2.0.2
package:
name: argo-cd-2.9
advisories:
- id: CGA-w344-7qr4-66mr
aliases:
- CVE-2021-25743
- GHSA-f9jg-8p32-2f55
events:
- timestamp: 2023-11-28T13:21:30Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: The vulnerable code is specific to kubectl.
- id: CGA-27rm-q66p-qvmc
aliases:
- CVE-2023-46402
- GHSA-3f2q-6294-fmq5
events:
- timestamp: 2023-12-03T14:31:28Z
type: fixed
data:
fixed-version: 2.9.3-r1
- id: CGA-p9gj-9f4f-q6m5
aliases:
- CVE-2023-47108
- GHSA-8pgv-569h-w5rw
events:
- timestamp: 2023-11-28T13:20:25Z
type: fixed
data:
fixed-version: 2.9.2-r1
- id: CGA-v7gm-gqfj-8cc7
aliases:
- CVE-2023-48795
- GHSA-45x7-px36-x8w8
events:
- timestamp: 2023-12-19T18:23:00Z
type: fixed
data:
fixed-version: 2.9.3-r4
- id: CGA-3649-h3j9-rvx6
aliases:
- CVE-2023-49568
- GHSA-mw99-9chc-xw7r
events:
- timestamp: 2023-12-28T17:55:02Z
type: fixed
data:
fixed-version: 2.9.3-r5
- id: CGA-vx54-68rp-7838
aliases:
- CVE-2023-5528
- GHSA-hq6q-c2x6-hmch
events:
- timestamp: 2023-11-28T13:20:36Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: This vulnerability affects the Kubernetes application, not the golang k8s.io/kubernetes library. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
- id: CGA-7g7c-22jg-fj99
aliases:
- GHSA-2c7c-3mj9-8fqh
events:
- timestamp: 2023-11-28T13:25:42Z
type: fixed
data:
fixed-version: 2.9.2-r1
- id: CGA-ch79-8wjv-h735
aliases:
- GHSA-9763-4f94-gfch
events:
- timestamp: 2024-01-12T07:23:12Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.9
componentID: e7a3d85fdb2480cf
componentName: github.com/cloudflare/circl
componentVersion: v1.3.3
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-01-19T12:21:46Z
type: fixed
data:
fixed-version: 2.9.4-r0
- id: CGA-77r3-vmhh-vf5x
aliases:
- GHSA-c5q2-7r4c-mv6g
events:
- timestamp: 2024-03-08T07:08:06Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.9-compat
componentID: 3400637b92540817
componentName: github.com/go-jose/go-jose/v3
componentVersion: v3.0.1
componentType: go-module
componentLocation: /usr/local/bin/argocd
scanner: grype
- timestamp: 2024-03-08T10:56:42Z
type: fixed
data:
fixed-version: 2.9.7-r2