{"id":"GO-2025-3934","summary":"Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd","details":"Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd","aliases":["BIT-argo-cd-2025-55190","CVE-2025-55190","GHSA-786q-9hcg-v9ff"],"modified":"2026-03-17T05:02:32.596487Z","published":"2025-09-08T14:13:10Z","related":["CGA-hjmj-fr7v-69cc"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3934"},"references":[{"type":"ADVISORY","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55190"},{"type":"FIX","url":"https://github.com/argoproj/argo-cd/commit/e8f86101f5378662ae6151ce5c3a76e9141900e8"}],"affected":[{"package":{"name":"github.com/argoproj/argo-cd","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-cd"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3934.json"}},{"package":{"name":"github.com/argoproj/argo-cd/v2","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-cd/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.13.0"},{"fixed":"2.13.9"},{"introduced":"2.14.0"},{"fixed":"2.14.16"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3934.json"}},{"package":{"name":"github.com/argoproj/argo-cd/v3","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-cd/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.0.14"},{"introduced":"3.1.0-rc1"},{"fixed":"3.1.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3934.json"}}],"schema_version":"1.7.5"}