CVE-2021-23135
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14...
Design/Logic Flaw
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14...
CVE-2021-23135
CVE-2021-23135 describes an information-disclosure vulnerability in the Argo CD web UI where system data can be leaked into error messages and logs due to exposure to an unauthorized control sphere. Affected: Argo CD versions 1.8.0–1.8.6 and 1.7.0–1.7.13. Impact: potential leakage of secrets via ...
CVE-2021-23135 Argo CD leaked secret data into error messages and logs on invalid edits via UI
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14...
Argo Information Disclosure Vulnerability
Argo is an open source container native workflow engine. A security vulnerability exists in Argo CD. The vulnerability stems from the exposure of system data in the program's Web UI to an unauthorized Control Sphere exploit, which could allow an attacker to leak confidential data leading to leaks...
PT-2021-15388 · Argo CD · Argo CD
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.8.0 through 1.8.6; Argo CD versions 1.7.0 through 1.7.13. Description: The issue allows an attacker to cause leaked secret data into web UI error messages and logs due to exposure of system data to an unauthorized control...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. The vulnerability exists due to the endpoint not protected with authentication...
CVE-2021-26923
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication...
CVE-2021-26923
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication...
CVE-2021-26924
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header...
CVE-2021-26924
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header...
Authentication flaw
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication...
Cross site scripting
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header...
CVE-2021-26924
Argo CD
CVE-2021-26924
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header...
CVE-2021-26923
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication...
CVE-2021-26923
CVE-2021-26923 affects Argo CD versions prior to 1.8.4. The vulnerability stems from the unauthenticated /api/version endpoint which leaks internal system information. This information disclosure is the described impact, with access not guarded by authentication. Affected software is Argo CD, pri...
Argo Cross-Site Scripting Vulnerability
Argo is an open source container-native workflow engine. A security vulnerability exists in Argo that stems from a missing cross-site protection header that results in the browser's cross-site protection not being activated...
PT-2021-17178 · Argo CD · Argo CD
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4. Description: An issue in Argo CD allows accessing the "api/version" endpoint, which leaks internal system information. This endpoint is not protected with authentication. Recommendations: For versions prior to...
Argo Information Disclosure Vulnerability
Argo is an open source container native workflow engine. An information disclosure vulnerability exists in Argo CD versions prior to 1.8.4, which stems from the fact that accessing the endpoint /api/version discloses internal information about the system and the endpoint is not protected by...