Argo CD Security-Hardened Images
Security Scan 2024-07-22
Argo CD security-hardened images include precisely what is needed to run Argo CD. As a result, we build smaller images with fewer CVEs. Omitting the package manager and including only the needed runtime dependencies significantly reduces the attack surface.
Below you will find the weekly-updated security scans of Akuity's security-hardened Argo CD images compared with the open source images.
Akuity v2.11.5-distroless vs Argo CD v2.11.5
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.11.5-distroless
Vulnerabilities (0)
usr/local/bin/argocd
Vulnerabilities (2)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| github.com/cloudflare/circl | GHSA-9763-4f94-gfch | HIGH | v1.3.3 | 1.3.7 |
| stdlib | CVE-2024-24790 | CRITICAL | 1.21.10 | 1.21.11, 1.22.4 |
usr/local/bin/helm
Vulnerabilities (1)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| stdlib | CVE-2024-24790 | CRITICAL | 1.21.9 | 1.21.11, 1.22.4 |
usr/local/bin/kustomize
Vulnerabilities (3)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| stdlib | CVE-2024-24790 | CRITICAL | 1.20.10 | 1.21.11, 1.22.4 |
| stdlib | CVE-2023-45283 | HIGH | 1.20.10 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
| stdlib | CVE-2023-45288 | HIGH | 1.20.10 | 1.21.9, 1.22.2 |
Akuity v2.10.14-distroless vs Argo CD v2.10.14
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.10.14-distroless
Vulnerabilities (0)
usr/local/bin/argocd
Vulnerabilities (2)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| github.com/cloudflare/circl | GHSA-9763-4f94-gfch | HIGH | v1.3.3 | 1.3.7 |
| stdlib | CVE-2024-24790 | CRITICAL | 1.21.10 | 1.21.11, 1.22.4 |
usr/local/bin/helm
Vulnerabilities (1)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| stdlib | CVE-2024-24790 | CRITICAL | 1.21.9 | 1.21.11, 1.22.4 |
usr/local/bin/kustomize
Vulnerabilities (3)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| stdlib | CVE-2024-24790 | CRITICAL | 1.20.10 | 1.21.11, 1.22.4 |
| stdlib | CVE-2023-45283 | HIGH | 1.20.10 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
| stdlib | CVE-2023-45288 | HIGH | 1.20.10 | 1.21.9, 1.22.2 |
Akuity v2.9.19-distroless vs Argo CD v2.9.19
Full list of open source Argo CD vulnerabilities in this release
quay.io/akuity/argocd:v2.9.19-distroless
Vulnerabilities (0)
usr/local/bin/argocd
Vulnerabilities (5)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| github.com/cloudflare/circl | GHSA-9763-4f94-gfch | HIGH | v1.3.3 | 1.3.7 |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | CVE-2023-47108 | HIGH | v0.42.0 | 0.46.0 |
| google.golang.org/grpc | GHSA-m425-mq94-257g | HIGH | v1.56.2 | 1.56.3, 1.57.1, 1.58.3 |
| k8s.io/kubernetes | CVE-2023-5528 | HIGH | v1.24.17 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 |
| stdlib | CVE-2024-24790 | CRITICAL | 1.21.10 | 1.21.11, 1.22.4 |
usr/local/bin/helm
Vulnerabilities (3)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| stdlib | CVE-2024-24790 | CRITICAL | 1.20.10 | 1.21.11, 1.22.4 |
| stdlib | CVE-2023-45283 | HIGH | 1.20.10 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
| stdlib | CVE-2023-45288 | HIGH | 1.20.10 | 1.21.9, 1.22.2 |
usr/local/bin/kustomize
Vulnerabilities (3)
The table below displays CRITICAL and HIGH severity vulnerabilities only.

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| stdlib | CVE-2024-24790 | CRITICAL | 1.20.10 | 1.21.11, 1.22.4 |
| stdlib | CVE-2023-45283 | HIGH | 1.20.10 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
| stdlib | CVE-2023-45288 | HIGH | 1.20.10 | 1.21.9, 1.22.2 |