Insufficient Entropy Affecting github.com/argoproj/argo-cd/util/oidc package, versions >=0.11.0
Snyk CVSS
Attack Complexity
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
0.35% (72nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDUTILOIDC-2933572
- published 22 Jun 2022
- disclosed 15 Jun 2022
- credit crenshaw-dev, AdamKorcz and DavidKorczynski
Introduced: 15 Jun 2022
CVE-2022-31034 Open this link in a new tabHow to fix?
There is no fixed version for github.com/argoproj/argo-cd/util/oidc
.
Overview
Affected versions of this package are vulnerable to Insufficient Entropy when an SSO
login is initiated from the CLI or UI. This is due to the use of insufficiently random values in parameters in Oauth2/OIDC
login flows.