{ "schema_version": "1.3.1", "id": "GO-2022-0454", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", "aliases": [ "CVE-2022-24905", "GHSA-xmg8-99r8-jc2j" ], "summary": "Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd", "details": "Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd", "affected": [ { "package": { "name": "github.com/argoproj/argo-cd", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" } ] } ], "ecosystem_specific": {} }, { "package": { "name": "github.com/argoproj/argo-cd/v2", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "2.0.0" }, { "fixed": "2.1.15" }, { "introduced": "2.2.0" }, { "fixed": "2.2.9" }, { "introduced": "2.3.0" }, { "fixed": "2.3.4" } ] } ], "ecosystem_specific": {} } ], "references": [ { "type": "ADVISORY", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24905" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.1.15" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.2.9" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.4" } ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2022-0454", "review_status": "UNREVIEWED" } }