CVE-2025-23216
MEDIUMArgoproj Argo CD < 2.11.13 - Information Disclosure
Title source: ruleDescription
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.
Scores
CVSS v3
6.8
EPSS
0.0016
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-209
CWE-200
Status
published
Products (3)
argoproj/argo-cd
0Go
argoproj/argo-cd
2.13.0 - 2.13.4Go
argoproj/argo_cd
< 2.11.13
Published
Jan 30, 2025
Tracked Since
Feb 18, 2026