forked from wolfi-dev/advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathargo-cd-2.12.advisories.yaml
137 lines (130 loc) · 3.97 KB
/
argo-cd-2.12.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
schema-version: 2.0.2
package:
name: argo-cd-2.12
advisories:
- id: CGA-59fg-fwfg-r72p
aliases:
- CVE-2024-35255
- GHSA-m5vv-6r4h-3vj9
events:
- timestamp: 2024-08-06T23:01:36Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 6649e83b9b682b57
componentName: github.com/Azure/azure-sdk-for-go/sdk/azidentity
componentVersion: v1.1.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-08-16T12:45:37Z
type: pending-upstream-fix
data:
note: This vulnerability requires upstream changes to upgrade a strict dependency 'github.com/Azure/kubelogin' from the current v0.0.20 version to v0.1.3 which does not contain any vulnerable code.
- id: CGA-cqgw-hf7g-vm4x
aliases:
- CVE-2024-34155
- GHSA-8xfx-rj4p-23jm
events:
- timestamp: 2024-09-10T07:12:40Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 93ba1e2cd6e62782
componentName: stdlib
componentVersion: go1.23.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-09-12T00:39:32Z
type: fixed
data:
fixed-version: 2.12.3-r1
- id: CGA-vh5m-4339-22x7
aliases:
- CVE-2024-51744
- GHSA-29wx-vh33-7x7r
events:
- timestamp: 2024-11-05T09:11:08Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12-compat
componentID: 08c5531f09b43f1b
componentName: github.com/golang-jwt/jwt/v4
componentVersion: v4.5.0
componentType: go-module
componentLocation: /usr/local/bin/argocd
scanner: grype
- id: CGA-w23p-x3vf-72hx
aliases:
- CVE-2024-5321
- GHSA-82m2-cv7p-4m75
events:
- timestamp: 2024-08-06T23:01:35Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 61c300fe1902f686
componentName: k8s.io/kubernetes
componentVersion: v1.29.6
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-08-16T12:45:19Z
type: pending-upstream-fix
data:
note: This vulnerability requires code changes in the upstream repository and an upgrade of the used Kubernetes version with potential unexpected results.
- timestamp: 2024-09-12T00:39:32Z
type: fixed
data:
fixed-version: 2.12.3-r1
- id: CGA-x55r-5fg4-3vxv
aliases:
- CVE-2024-34156
- GHSA-crqm-pwhx-j97f
events:
- timestamp: 2024-09-10T07:12:42Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 93ba1e2cd6e62782
componentName: stdlib
componentVersion: go1.23.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-09-12T00:39:33Z
type: fixed
data:
fixed-version: 2.12.3-r1
- id: CGA-xvph-r2q6-xwhx
aliases:
- CVE-2024-34158
- GHSA-j7vj-rw65-4v26
events:
- timestamp: 2024-09-10T07:12:43Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.12
componentID: 93ba1e2cd6e62782
componentName: stdlib
componentVersion: go1.23.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-09-12T00:39:33Z
type: fixed
data:
fixed-version: 2.12.3-r1