What is CVE-2022-31105?

CVE-2022-31105 is a high-severity vulnerability in Argoproj Argo-cd, classified under Improper Certificate Validation. CVSS score: 8.3/10. Published 2022-07-12.

How severe is CVE-2022-31105?

High severity. CVSS v3 base score is 8.3 out of 10.

Vulnerability in Argoproj Argo-cd

CVE-2022-31105

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust…

Vulnerability class: Improper Certificate Validation

EPSS: 0.003 (48.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Argoproj Argo-cd — versions >= 0.4.0, < 2.2.11, >= 2.3.0, < 2.3.6, >= 2.4.0, < 2.4.5

Weakness classification (CWE)

References

github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5 (x_refsource_CONFIRM)
github.com/argoproj/argo-cd/releases/tag/v2.3.6 (x_refsource_MISC)
github.com/argoproj/argo-cd/releases/tag/v2.4.5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31105?: CVE-2022-31105 is a high-severity vulnerability in Argoproj Argo-cd, classified under Improper Certificate Validation. CVSS score: 8.3/10. Published 2022-07-12.
How severe is CVE-2022-31105?: High severity. CVSS v3 base score is 8.3 out of 10.