CVE-2022-31035 Argo CD v1.0.0 is vulnerable to a cross-site scripting bug allowing a malicious user to inject a `javascript:` link.

If you are using Argo CD 1.0.0 or Argo CD 2.4.1, you must upgrade to one of the patched versions immediately. If you are using Argo CD 2.3.5 or older, you should patch Argo CD immediately. If you are using Argo CD 2.2.10 or older, you should patch Argo CD immediately.

What is Argo CD?

Argo CD is a system for web-based content delivery and publishing. It has been used by a number of institutions, including The Vatican, the United Nations, The British Museum, and Harvard University. Users can upload their own content to Argo CD and then use it to publish websites or blogs in seconds.

How do I patch the Argo CD?

Download the patch for your version of Argo CD. Run the file with any tool that can run programs from a disk image, such as 7-Zip or WinRAR. It will patch your Argo CD and update it to one of the patched versions.
If you have a newer version of Argo CD, then follow these steps:
You must use one
Older versions: Patching is required only if you are using Argo CD 2.3.5 or older.

What should you know?

Argo CD is commercial software for creating digital copies of paper documents. It has been around since 2006, and it has been used by many organizations to produce digital copies of their paper documents for archiving or for compliance purposes. Recently, Argo CD was found to have a critical vulnerability that allows attackers to read the memory from the computer that's running the software.
The security flaw affects all versions of Argo CD and was discovered by Vulnerability Lab researcher Donato Ferrante.

Affected versions

Argo CD 2.3.5 and older
Argo CD 1.0.0 and older
Argo CD 2.4.1 and older

How to Patch Argo CD

To patch Argo CD, please follow these steps:
1) Close all installations of Argo CD on your computer;
2) Download the patched version from our website;  
3) Unzip the downloaded file (Argo_CD_2.4_PATCHED);  
4) Install the downloaded patched version without running any other installation instructions from the package;  
5) Run "setup-arogcd" again as administrator to install the latest drivers if you have problems installing it in step 4.
