Max severity Argo CD API flaw leaks repository credentials

A critical vulnerability in Argo CD allows low-permission API tokens to access and retrieve sensitive repository credentials, posing significant security risks. Major organizations rely on Argo CD for mission-critical deployments, making this flaw particularly dangerous. #CVE2025-55190 #ArgoCD #Kubernetes

Keypoints

  • The vulnerability CVE-2025-55190 affects all versions of Argo CD up to 2.13.0.
  • Argo CD API tokens with project-level get permissions can access repository credentials like usernames and passwords.
  • The flaw allows bypassing security mechanisms designed to protect sensitive credential information.
  • Attackers require a valid API token, but low-privileged users could leverage this to access confidential data.
  • Versions 3.1.2, 3.0.14, 2.14.16, and 2.13.9 fix this vulnerability, and users are advised to upgrade immediately.

Read More: https://www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/