Argo CD Security-Hardened Images
Security Scan 2024-10-14
Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller-sized images with a reduced number of CVEs. By not including a package manager and inserting the needed runtime dependencies, the attack surface is significantly reduced.
Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.
Akuity v2.12.4-distroless vs Argo CD v2.12.4
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.12.4-distroless
Vulnerabilities (0)
usr/local/bin/argocd
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | 1.22.4 | 1.22.7, 1.23.1 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | 1.21.13 | 1.22.7, 1.23.1 |
usr/local/bin/helm
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/docker/docker | CVE-2024-41110 | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
stdlib | CVE-2024-34156 | HIGH | 1.22.4 | 1.22.7, 1.23.1 |
usr/local/bin/kustomize
Vulnerabilities (2)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-24790 | CRITICAL | 1.21.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | 1.21.10 | 1.22.7, 1.23.1 |
Akuity v2.11.9-distroless vs Argo CD v2.11.9
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.11.9-distroless
Vulnerabilities (0)
usr/local/bin/argocd
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/cloudflare/circl | GHSA-9763-4f94-gfch | HIGH | v1.3.3 | 1.3.7 |
stdlib | CVE-2024-24790 | CRITICAL | 1.21.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | 1.21.10 | 1.22.7, 1.23.1 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | 1.21.13 | 1.22.7, 1.23.1 |
usr/local/bin/helm
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/docker/docker | CVE-2024-41110 | CRITICAL | v24.0.9+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
stdlib | CVE-2024-24790 | CRITICAL | 1.21.9 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | 1.21.9 | 1.22.7, 1.23.1 |
usr/local/bin/kustomize
Vulnerabilities (4)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-24790 | CRITICAL | 1.20.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2023-45283 | HIGH | 1.20.10 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
stdlib | CVE-2023-45288 | HIGH | 1.20.10 | 1.21.9, 1.22.2 |
stdlib | CVE-2024-34156 | HIGH | 1.20.10 | 1.22.7, 1.23.1 |
Akuity v2.10.17-distroless vs Argo CD v2.10.17
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.10.17-distroless
Vulnerabilities (0)
usr/local/bin/argocd
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/cloudflare/circl | GHSA-9763-4f94-gfch | HIGH | v1.3.3 | 1.3.7 |
stdlib | CVE-2024-24790 | CRITICAL | 1.21.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | 1.21.10 | 1.22.7, 1.23.1 |
usr/local/bin/gpg-wrapper.sh
Vulnerabilities (1)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-34156 | HIGH | 1.21.13 | 1.22.7, 1.23.1 |
usr/local/bin/helm
Vulnerabilities (3)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
github.com/docker/docker | CVE-2024-41110 | CRITICAL | v24.0.9+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
stdlib | CVE-2024-24790 | CRITICAL | 1.21.9 | 1.21.11, 1.22.4 |
stdlib | CVE-2024-34156 | HIGH | 1.21.9 | 1.22.7, 1.23.1 |
usr/local/bin/kustomize
Vulnerabilities (4)
The below table displays CRITICAL and HIGH severence vulnerabilities only
| Package | ID | Severity | Installed Version | Fixed Version |
|---|
stdlib | CVE-2024-24790 | CRITICAL | 1.20.10 | 1.21.11, 1.22.4 |
stdlib | CVE-2023-45283 | HIGH | 1.20.10 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
stdlib | CVE-2023-45288 | HIGH | 1.20.10 | 1.21.9, 1.22.2 |
stdlib | CVE-2024-34156 | HIGH | 1.20.10 | 1.22.7, 1.23.1 |