CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22482

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.2%

CVSS Severity

CVSS v3 Score 9.0

References

Products affected by CVE-2023-22482

Argoproj » Argo Cd » Version: 1.8.2

cpe:2.3:a:argoproj:argo_cd:1.8.2
Argoproj » Argo Cd » Version: 1.8.3

cpe:2.3:a:argoproj:argo_cd:1.8.3
Argoproj » Argo Cd » Version: 1.8.4

cpe:2.3:a:argoproj:argo_cd:1.8.4
Argoproj » Argo Cd » Version: 1.8.5

cpe:2.3:a:argoproj:argo_cd:1.8.5
Argoproj » Argo Cd » Version: 1.8.6

cpe:2.3:a:argoproj:argo_cd:1.8.6
Argoproj » Argo Cd » Version: 1.8.7

cpe:2.3:a:argoproj:argo_cd:1.8.7
Argoproj » Argo Cd » Version: 2.0.0

cpe:2.3:a:argoproj:argo_cd:2.0.0
Argoproj » Argo Cd » Version: 2.0.1

cpe:2.3:a:argoproj:argo_cd:2.0.1
Argoproj » Argo Cd » Version: 2.0.2

cpe:2.3:a:argoproj:argo_cd:2.0.2
Argoproj » Argo Cd » Version: 2.0.3

cpe:2.3:a:argoproj:argo_cd:2.0.3
Argoproj » Argo Cd » Version: 2.0.4

cpe:2.3:a:argoproj:argo_cd:2.0.4
Argoproj » Argo Cd » Version: 2.0.5

cpe:2.3:a:argoproj:argo_cd:2.0.5
Argoproj » Argo Cd » Version: 2.1.0

cpe:2.3:a:argoproj:argo_cd:2.1.0
Argoproj » Argo Cd » Version: 2.1.1

cpe:2.3:a:argoproj:argo_cd:2.1.1
Argoproj » Argo Cd » Version: 2.1.10

cpe:2.3:a:argoproj:argo_cd:2.1.10
Argoproj » Argo Cd » Version: 2.1.11

cpe:2.3:a:argoproj:argo_cd:2.1.11
Argoproj » Argo Cd » Version: 2.1.12

cpe:2.3:a:argoproj:argo_cd:2.1.12
Argoproj » Argo Cd » Version: 2.1.13

cpe:2.3:a:argoproj:argo_cd:2.1.13
Argoproj » Argo Cd » Version: 2.1.14

cpe:2.3:a:argoproj:argo_cd:2.1.14
Argoproj » Argo Cd » Version: 2.1.15

cpe:2.3:a:argoproj:argo_cd:2.1.15
Argoproj » Argo Cd » Version: 2.1.16

cpe:2.3:a:argoproj:argo_cd:2.1.16
Argoproj » Argo Cd » Version: 2.1.2

cpe:2.3:a:argoproj:argo_cd:2.1.2
Argoproj » Argo Cd » Version: 2.1.3

cpe:2.3:a:argoproj:argo_cd:2.1.3
Argoproj » Argo Cd » Version: 2.1.4

cpe:2.3:a:argoproj:argo_cd:2.1.4
Argoproj » Argo Cd » Version: 2.1.5

cpe:2.3:a:argoproj:argo_cd:2.1.5
Argoproj » Argo Cd » Version: 2.1.6

cpe:2.3:a:argoproj:argo_cd:2.1.6
Argoproj » Argo Cd » Version: 2.1.7

cpe:2.3:a:argoproj:argo_cd:2.1.7
Argoproj » Argo Cd » Version: 2.1.8

cpe:2.3:a:argoproj:argo_cd:2.1.8
Argoproj » Argo Cd » Version: 2.1.9

cpe:2.3:a:argoproj:argo_cd:2.1.9
Argoproj » Argo Cd » Version: 2.2.0

cpe:2.3:a:argoproj:argo_cd:2.2.0
Argoproj » Argo Cd » Version: 2.2.1

cpe:2.3:a:argoproj:argo_cd:2.2.1
Argoproj » Argo Cd » Version: 2.2.10

cpe:2.3:a:argoproj:argo_cd:2.2.10
Argoproj » Argo Cd » Version: 2.2.11

cpe:2.3:a:argoproj:argo_cd:2.2.11
Argoproj » Argo Cd » Version: 2.2.12

cpe:2.3:a:argoproj:argo_cd:2.2.12
Argoproj » Argo Cd » Version: 2.2.13

cpe:2.3:a:argoproj:argo_cd:2.2.13
Argoproj » Argo Cd » Version: 2.2.14

cpe:2.3:a:argoproj:argo_cd:2.2.14
Argoproj » Argo Cd » Version: 2.2.15

cpe:2.3:a:argoproj:argo_cd:2.2.15
Argoproj » Argo Cd » Version: 2.2.16

cpe:2.3:a:argoproj:argo_cd:2.2.16
Argoproj » Argo Cd » Version: 2.2.2

cpe:2.3:a:argoproj:argo_cd:2.2.2
Argoproj » Argo Cd » Version: 2.2.3

cpe:2.3:a:argoproj:argo_cd:2.2.3
Argoproj » Argo Cd » Version: 2.2.4

cpe:2.3:a:argoproj:argo_cd:2.2.4
Argoproj » Argo Cd » Version: 2.2.5

cpe:2.3:a:argoproj:argo_cd:2.2.5
Argoproj » Argo Cd » Version: 2.2.6

cpe:2.3:a:argoproj:argo_cd:2.2.6
Argoproj » Argo Cd » Version: 2.2.7

cpe:2.3:a:argoproj:argo_cd:2.2.7
Argoproj » Argo Cd » Version: 2.2.8

cpe:2.3:a:argoproj:argo_cd:2.2.8
Argoproj » Argo Cd » Version: 2.2.8-1

cpe:2.3:a:argoproj:argo_cd:2.2.8-1
Argoproj » Argo Cd » Version: 2.2.9

cpe:2.3:a:argoproj:argo_cd:2.2.9
Argoproj » Argo Cd » Version: 2.3.0

cpe:2.3:a:argoproj:argo_cd:2.3.0
Argoproj » Argo Cd » Version: 2.3.1

cpe:2.3:a:argoproj:argo_cd:2.3.1
Argoproj » Argo Cd » Version: 2.3.10

cpe:2.3:a:argoproj:argo_cd:2.3.10
Argoproj » Argo Cd » Version: 2.3.11

cpe:2.3:a:argoproj:argo_cd:2.3.11
Argoproj » Argo Cd » Version: 2.3.12

cpe:2.3:a:argoproj:argo_cd:2.3.12
Argoproj » Argo Cd » Version: 2.3.13

cpe:2.3:a:argoproj:argo_cd:2.3.13
Argoproj » Argo Cd » Version: 2.3.2

cpe:2.3:a:argoproj:argo_cd:2.3.2
Argoproj » Argo Cd » Version: 2.3.3

cpe:2.3:a:argoproj:argo_cd:2.3.3
Argoproj » Argo Cd » Version: 2.3.4

cpe:2.3:a:argoproj:argo_cd:2.3.4
Argoproj » Argo Cd » Version: 2.3.5

cpe:2.3:a:argoproj:argo_cd:2.3.5
Argoproj » Argo Cd » Version: 2.3.6

cpe:2.3:a:argoproj:argo_cd:2.3.6
Argoproj » Argo Cd » Version: 2.3.7

cpe:2.3:a:argoproj:argo_cd:2.3.7
Argoproj » Argo Cd » Version: 2.3.8

cpe:2.3:a:argoproj:argo_cd:2.3.8
Argoproj » Argo Cd » Version: 2.3.9

cpe:2.3:a:argoproj:argo_cd:2.3.9
Argoproj » Argo Cd » Version: 2.4.0

cpe:2.3:a:argoproj:argo_cd:2.4.0
Argoproj » Argo Cd » Version: 2.4.1

cpe:2.3:a:argoproj:argo_cd:2.4.1
Argoproj » Argo Cd » Version: 2.4.10

cpe:2.3:a:argoproj:argo_cd:2.4.10
Argoproj » Argo Cd » Version: 2.4.11

cpe:2.3:a:argoproj:argo_cd:2.4.11
Argoproj » Argo Cd » Version: 2.4.12

cpe:2.3:a:argoproj:argo_cd:2.4.12
Argoproj » Argo Cd » Version: 2.4.13

cpe:2.3:a:argoproj:argo_cd:2.4.13
Argoproj » Argo Cd » Version: 2.4.14

cpe:2.3:a:argoproj:argo_cd:2.4.14
Argoproj » Argo Cd » Version: 2.4.15

cpe:2.3:a:argoproj:argo_cd:2.4.15
Argoproj » Argo Cd » Version: 2.4.16

cpe:2.3:a:argoproj:argo_cd:2.4.16
Argoproj » Argo Cd » Version: 2.4.17

cpe:2.3:a:argoproj:argo_cd:2.4.17
Argoproj » Argo Cd » Version: 2.4.18

cpe:2.3:a:argoproj:argo_cd:2.4.18
Argoproj » Argo Cd » Version: 2.4.19

cpe:2.3:a:argoproj:argo_cd:2.4.19
Argoproj » Argo Cd » Version: 2.4.2

cpe:2.3:a:argoproj:argo_cd:2.4.2
Argoproj » Argo Cd » Version: 2.4.3

cpe:2.3:a:argoproj:argo_cd:2.4.3
Argoproj » Argo Cd » Version: 2.4.4

cpe:2.3:a:argoproj:argo_cd:2.4.4
Argoproj » Argo Cd » Version: 2.4.5

cpe:2.3:a:argoproj:argo_cd:2.4.5
Argoproj » Argo Cd » Version: 2.4.6

cpe:2.3:a:argoproj:argo_cd:2.4.6
Argoproj » Argo Cd » Version: 2.4.7

cpe:2.3:a:argoproj:argo_cd:2.4.7
Argoproj » Argo Cd » Version: 2.4.8

cpe:2.3:a:argoproj:argo_cd:2.4.8
Argoproj » Argo Cd » Version: 2.4.9

cpe:2.3:a:argoproj:argo_cd:2.4.9
Argoproj » Argo Cd » Version: 2.5.0

cpe:2.3:a:argoproj:argo_cd:2.5.0
Argoproj » Argo Cd » Version: 2.5.1

cpe:2.3:a:argoproj:argo_cd:2.5.1
Argoproj » Argo Cd » Version: 2.5.2

cpe:2.3:a:argoproj:argo_cd:2.5.2
Argoproj » Argo Cd » Version: 2.5.3

cpe:2.3:a:argoproj:argo_cd:2.5.3
Argoproj » Argo Cd » Version: 2.5.4

cpe:2.3:a:argoproj:argo_cd:2.5.4
Argoproj » Argo Cd » Version: 2.5.5

cpe:2.3:a:argoproj:argo_cd:2.5.5
Argoproj » Argo Cd » Version: 2.5.6

cpe:2.3:a:argoproj:argo_cd:2.5.6
Argoproj » Argo Cd » Version: 2.5.7

cpe:2.3:a:argoproj:argo_cd:2.5.7
Argoproj » Argo Cd » Version: 2.6.0

cpe:2.3:a:argoproj:argo_cd:2.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22482

Products

Pricing

Contact Us