Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: 1.17.3, 1.18.2
Affects Version/s: 1.17.1
Component/s: ArgoCD
Labels:
- customer-bug
- triaged

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:
Target Version:

1.17.2, 1.18.1

Severity:
Low

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of Problem

Currently, the ArgoCD server will serve files on directories, potentially exposing files unexpectedly.

Problem Reproduction

After deploying the latest version of GitOps, curl the server for the assets directory will return its files.

Reproducibility

Always

Prerequisites/Environment

Appears present in all installs of OpenShift GitOps, tested with OCP 4.18 and GitOps 1.17.0

Steps to Reproduce

Deploy OpenShift GitOps on the latest version, and curl the ArgoCD for the assets directory:
```
$ curl https://<argocd-server-url>/assets/
```

Expected Results

No results from the directory:

$ curl https://<argocd-server-url>/assets/

Actual Results

Files within the directory are displayed:

$ curl https://<argocd-server-url>/assets/
<!doctype html>
<meta name="viewport" content="width=device-width">
<pre>
<a href="favicon/">favicon/</a>
<a href="fonts/">fonts/</a>
<a href="fonts.css">fonts.css</a>
<a href="images/">images/</a>
<a href="scripts/">scripts/</a>
</pre>

Assignee:: Keith Chong

Reporter:: Jordan Bell

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/09/24 8:08 PM

Updated:: 2025/10/01 5:13 AM

Details

Description

Description of Problem

Problem Reproduction

Reproducibility

Prerequisites/Environment

Steps to Reproduce

Expected Results

Actual Results

Attachments

Easy Agile Planning Poker

Activity

People

Dates