Lucene search

GoogleOSV:GO-2023-1670

HistoryAug 20, 2024 - 8:29 p.m.

Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

2024-08-2020:29:17

Google

osv.dev

argo cd

unauthorized access

api enumeration

information security

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

JSON

Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

References

argo.com

github.com/argoproj/argo-cd/commit/3a28c8a18cc2aa84fe81492625545d25c7a90bc3

github.com/argoproj/argo-cd/releases/tag/v2.4.28

github.com/argoproj/argo-cd/releases/tag/v2.5.16

github.com/argoproj/argo-cd/releases/tag/v2.6.7

github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq

nvd.nist.gov/vuln/detail/CVE-2022-41354

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

JSON

Related for OSV:GO-2023-1670