Lucene search
GoogleOSV:GHSA-XJ7V-C82W-92Q2HistoryMay 24, 2022 - 5:13 p.m.
Argo Exposure of Sensitive Information
2022-05-2417:13:55
Google
osv.dev
4
argo
sensitive information
authentication
api calls
git storage
EPSS
0.002
Percentile
61.1%
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
References
github.com/argoproj/argo-cd
github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399
github.com/argoproj/argo-cd/commit/916d4aed5775fead4ab75f47c1d352cd0e73b815
github.com/argoproj/argo-cd/issues/470
github.com/argoproj/argo-cd/pull/3088
nvd.nist.gov/vuln/detail/CVE-2018-21034
www.soluble.ai/blog/argo-cves-2020
Related
osv
osv
CVE-2018-21034
2020-04-09 17:15:12
Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
2024-08-20 20:31:38
veracode
veracode
Information Disclosure
2020-04-13 06:20:20
cvelist
cvelist
CVE-2018-21034
2020-04-09 16:18:37
github
github
Argo Exposure of Sensitive Information
2022-05-24 17:13:55
cve
cve
CVE-2018-21034
2020-04-09 17:15:12
prion
prion
Code injection
2020-04-09 17:15:00
nvd
nvd
CVE-2018-21034
2020-04-09 17:15:12