Security
Headlines

Headlines Latest CVEs

Headline

GHSA-pcqx-8qww-7f4v: OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.

5 days ago

#git #intel #auth

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-13888

OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources

Critical severity GitHub Reviewed Published Dec 15, 2025 to the GitHub Advisory Database • Updated Dec 16, 2025

Package

gomod github.com/redhat-developer/gitops-operator (Go)

Affected versions

<= 1.17.0-rc5

Description

Published to the GitHub Advisory Database

Dec 15, 2025

Last updated

Dec 16, 2025

EPSS score

ghsa: Latest News

GHSA-83jg-m2pm-4jxj: Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

13 hours ago

GHSA-f43r-cc68-gpx4: External Control of File Name or Path in Langflow

1 day ago

GHSA-5993-7p27-66g5: Langflow vulnerable to Server-Side Request Forgery

1 day ago

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

1 day ago

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

1 day ago