Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2023-40025
HistoryJul 31, 2024 - 8:16 a.m.

CVE-2023-40025

2024-07-3108:16:02
redhat.com
access.redhat.com
10
argo cd
flaw
expired token
websocket
sensitive information

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

30.3%

JSON

A flaw was found in Argo CD. Affected versions of Argo CD have a bug where open web terminal sessions do not expire. This bug allows users to send WebSocket messages even if the token has expired. The most straightforward scenario occurs when a user opens the terminal view and leaves it open for an extended period. This flaw allows users to view sensitive information even after logging out.

Related

nvd 1
osv 4
prion 1
cvelist 1
veracode 1
cve 1
github 2
redhat 2
nvd
nvd
CVE-2023-40025
2023-08-23 20:15:08
osv
osv
CVE-2023-40025
2023-08-23 20:15:08
Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
2024-08-21 14:17:52
Argo CD web terminal session doesn't expire
2023-08-23 17:50:41
prion
prion
Design/Logic Flaw
2023-08-23 20:15:00
cvelist
cvelist
CVE-2023-40025 Argo CD web terminal session doesn't expire
2023-08-23 19:12:04
veracode
veracode
Insufficient Session Expiration
2023-08-25 02:28:41
cve
cve
CVE-2023-40025
2023-08-23 20:15:08
github
github
Argo CD web terminal session doesn't expire
2023-08-23 17:50:41
The Argo CD web terminal session does not handle the revocation of user permissions properly
2024-07-24 20:54:02
redhat
redhat
(RHSA-2024:4972) Important: Errata Advisory for Red Hat OpenShift GitOps v1.11.7 security update
2024-08-01 10:47:08
(RHSA-2024:4973) Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.5 security update
2024-08-01 11:02:54

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

30.3%

JSON
Related for RH:CVE-2023-40025
nvd1osv4prion1cvelist1veracode1cve1github2redhat2