Vendor
high
threat
Argo CD Stored XSS in Application Link Annotations Enables Privilege Escalation
2 rules 1 TTPArgo CD is vulnerable to stored cross-site scripting (XSS) via manipulated application link annotations, allowing a low-privileged user to execute arbitrary JavaScript in a higher-privileged user's session, leading to privilege escalation.
Argo CD
xss
privilege-escalation
argocd
cloud
2r
1t
medium
advisory
Argo Workflows Controller Denial-of-Service via Malformed Pod Annotation
2 rules 2 TTPsA malformed `workflows.argoproj.io/pod-gc-strategy` annotation in an Argo Workflow pod can trigger an unchecked array index in the `podGCFromPod()` function, leading to a controller-wide panic and denial-of-service.
Argo Workflows
argo-workflows
denial-of-service
kubernetes
2r
2t