Bug 2400562 (CVE-2025-55191)
| Summary: | CVE-2025-55191 github.com/argoproj/argo-cd/v2: github.com/argoproj/argo-cd/v3: Argo CD race condition leading to crash | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abarbaro, anjoseph, jchui, jhe, jprabhak, ktsao, nboldt, psrna, wtam |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A race condition has been discovered in the Argo CD GitOps tool. It is located in the repository credentials handler and can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. A valid API token with repositories resource permissions (create, update, or delete actions) is required to trigger the race condition. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-09-30 23:01:15 UTC