How severe is CVE-2023-50726?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2023-50726?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2023-50726

MEDIUM Year: 2023

CVSS v3 Score

6.4

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version.

CVE-2022-46172

MEDIUM

CVSS:6.4(Medium)

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts t...

CWE-2692022

CVE-2024-25990

MEDIUM

CVSS:6.4(Medium)

In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execut...

CWE-2692024

CVE-2024-41949

MEDIUM

CVSS:6.4(Medium)

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token ...

CWE-2692024

CVE-2025-22621

MEDIUM

CVSS:6.4(Medium)

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could ...

CWE-2692025

CVE-2013-2625

MEDIUM

CVSS:6.5(Medium)

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking ...

CWE-2692013

CVE-2015-5071

MEDIUM

CVSS:6.5(Medium)

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of t...

CWE-2692015

CVE-2023-50726

Vulnerability Description

Related Vulnerabilities

CVE-2022-46172

CVE-2024-25990

CVE-2024-41949

CVE-2025-22621

CVE-2013-2625

CVE-2015-5071