forked from wolfi-dev/advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
argo-cd-2.10.advisories.yaml
141 lines (132 loc) · 3.79 KB
/
argo-cd-2.10.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
schema-version: 2.0.2
package:
name: argo-cd-2.10
advisories:
- id: CGA-2j44-w39x-mfj4
aliases:
- CVE-2023-45288
- GHSA-4v7x-pqxf-cx7m
events:
- timestamp: 2024-04-20T11:02:24Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.10
componentID: 62b4925500852005
componentName: golang.org/x/net
componentVersion: v0.19.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-04-23T17:02:14Z
type: fixed
data:
fixed-version: 2.10.7-r1
- id: CGA-266g-996x-r5hq
aliases:
- CVE-2024-21652
- GHSA-x32m-mvfj-52xv
events:
- timestamp: 2024-03-19T10:19:27Z
type: fixed
data:
fixed-version: 2.10.4-r0
- id: CGA-5c7f-x484-w4h7
aliases:
- CVE-2024-24786
- GHSA-8r3f-844c-mc37
events:
- timestamp: 2024-03-14T07:20:15Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.10
componentID: 70948ddb718ad7e5
componentName: google.golang.org/protobuf
componentVersion: v1.31.0
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-03-15T00:35:37Z
type: fixed
data:
fixed-version: 2.10.3-r1
- id: CGA-33gc-vj8r-9xwx
aliases:
- CVE-2024-28180
- GHSA-c5q2-7r4c-mv6g
events:
- timestamp: 2024-03-08T07:04:01Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.10
componentID: 01bb87cfc9651e9f
componentName: github.com/go-jose/go-jose/v3
componentVersion: v3.0.1
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-03-08T22:43:36Z
type: fixed
data:
fixed-version: 2.10.2-r2
- id: CGA-vj6q-q3x6-mqrw
aliases:
- CVE-2024-3177
- GHSA-pxhw-596r-rwq5
events:
- timestamp: 2024-04-25T08:18:34Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.10
componentID: 9ace5b3ed7ffe696
componentName: k8s.io/kubernetes
componentVersion: v1.26.11
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- timestamp: 2024-05-06T08:51:24Z
type: pending-upstream-fix
data:
note: Any upgrade on the Kubernetes dependencies causes conflicts due to a strict dependency on github.com/argoproj/gitops-engine which supports Kubernetes v1.23 while the non-vulnerable code is on Kubernetes v1.27.13.
- id: CGA-3j7f-7v4g-h2v9
aliases:
- CVE-2024-31989
- GHSA-9766-5277-j5hr
events:
- timestamp: 2024-05-22T07:06:53Z
type: detection
data:
type: scan/v1
data:
subpackageName: argo-cd-2.10
componentID: 8f20ce86d68597f2
componentName: github.com/argoproj/argo-cd/v2
componentVersion: v2.10.9
componentType: go-module
componentLocation: /usr/bin/argocd
scanner: grype
- id: CGA-5875-cfhm-6fxh
aliases:
- CVE-2024-31990
- GHSA-2gvw-w6fj-7m3c
events:
- timestamp: 2024-04-16T07:05:25Z
type: fixed
data:
fixed-version: 2.10.7-r0
- id: CGA-5ggg-3mq8-5pfr
aliases:
- CVE-2024-32476
- GHSA-9m6p-x4h2-6frq
events:
- timestamp: 2024-04-27T09:02:19Z
type: fixed
data:
fixed-version: 2.10.8-r0