Argo CD
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. NVD tracks it as argoproj:argo_cd with strong semver-style CPE ranges.
api usage
Querying Argo CD
product slug
argo_cd
version format
2.1.8, 2.12.0
```bash
curl "https://api.attestd.io/v1/check?product=argo_cd&version=2.1.8" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
2.1.8 is affected by CVE-2022-24348, a path traversal allowing unauthorized access to other applications' data from the repo-server.
```json
{
  "product": "argo_cd",
  "version": "2.1.8",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["information_disclosure", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "2.1.9",
  "confidence": 0.88,
  "cve_ids": ["CVE-2022-24348"],
  "last_updated": "2026-04-25T00:00:00Z"
}
```
safe version
2.12.0 is used as a patched-line example; verify with live API after NVD cycles.
```bash
curl "https://api.attestd.io/v1/check?product=argo_cd&version=2.14.20" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2022-24348 | Path traversal in repo-server leading to credential theft. | 2.1.x | 7.7 |
| CVE-2022-31035 | XSS in UI under certain redirect handling. | 2.2–2.4 | 6.1 |
| CVE-2022-31016 | Symlink following in repo-server checkout. | 2.2–2.4 | 6.2 |
| CVE-2023-22736 | RBAC bypass for application resource access. | 2.6.x | 8.8 |
| CVE-2024-21662 | Unauthenticated access to repo-server in misconfigurations. | 2.x | 9.8 |
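
One way to turn the `/v1/check` response shown under API usage into a deployment gate, as an added example (not attestd's own code): it blocks when `supported` is not true, when `risk_state` is outside a caller-supplied allowlist, or when `confidence` is under a threshold. The function names, the 0.8 threshold and the allowlisted state `"none"` are assumptions; the page only shows `risk_state: "high"`.

```python
import json

# Response body shown on this page for version 2.1.8 (trimmed to the fields used).
PAGE_SAMPLE = json.loads("""
{"product": "argo_cd", "version": "2.1.8", "supported": true,
 "risk_state": "high", "actively_exploited": false, "patch_available": true,
 "fixed_version": "2.1.9", "confidence": 0.88, "cve_ids": ["CVE-2022-24348"]}
""")

def parse_version(v):
    # Assumes plain MAJOR.MINOR.PATCH, the version format this page lists.
    parts = v.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {v!r}")
    return tuple(int(p) for p in parts)

def evaluate(resp, allowed_states, min_confidence=0.8):
    """Return (allow, reasons). Anything missing or unrecognised blocks."""
    if resp.get("supported") is not True:
        return False, ["no verdict for this product/version (supported is not true)"]
    reasons = []
    state = resp.get("risk_state")
    if state not in allowed_states:
        cves = ", ".join(resp.get("cve_ids") or []) or "no CVE ids listed"
        reasons.append(f"risk_state={state!r} not in allowlist ({cves})")
    if resp.get("actively_exploited") is not False:
        reasons.append("actively_exploited is true or missing")
    conf = resp.get("confidence")
    if not isinstance(conf, (int, float)) or conf < min_confidence:
        reasons.append(f"confidence {conf!r} below threshold {min_confidence}")
    fixed = resp.get("fixed_version")
    if reasons and resp.get("patch_available") and fixed:
        try:
            # Numeric tuple comparison, so 2.12.0 sorts after 2.9.0.
            if parse_version(fixed) > parse_version(resp.get("version", "")):
                reasons.append(f"patched in {fixed}: upgrade before deploying")
        except ValueError as exc:
            reasons.append(str(exc))
    return not reasons, reasons

if __name__ == "__main__":
    # "none" is a hypothetical allowlisted state; the page only shows "high".
    ok, why = evaluate(PAGE_SAMPLE, allowed_states={"none"})
    print("ALLOW" if ok else "BLOCK", why)
```
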