1462 matches found
PT-2021-17179 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4 Description: An issue was discovered where browser XSS protection is not activated due to the missing XSS protection header. Recommendations: For versions prior to 1.8.4, update to version 1.8.4 or later to...
Cross-site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via a malicious error message...
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
CVE-2021-23347 Cross-site Scripting (XSS)
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
CVE-2021-23347
CVE-2021-23347 affects the Argo CD project, specifically the command line interface in the package github.com/argoproj/argo-cd/cmd before 1.7.13, and in 1.8.0 up to before 1.8.6. The underlying issue is a Cross-site Scripting (XSS) vulnerability triggered when the SSO provider returns a malicious...
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
argo-cd Cross-Site Scripting Vulnerability
argo-cd is an open source application from GitHub, a declarative GitOps continuous delivery tool for Kubernetes. A cross-site scripting vulnerability exists in github.com/argoproj/argo-cd/cmd, which stems from the fact that SSO providers connecting to Argo CD will have to send malicious error...
PT-2021-15451 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: argo-cd versions prior to 1.7.13; argo-cd versions 1.8.0 through 1.8.6. Description: The issue is related to Cross-site Scripting (XSS) where a malicious SSO provider connected to Argo CD could send back a malicious error message containing...
Argo Code Issues Vulnerabilities
Argo is an open source container native workflow engine. A code issue vulnerability exists in Argo CD versions prior to 1.8.4, which stems from the incorrect handling of Token in the util/session/sessionmanager.go file, resulting in the Token remaining valid after the user is unavailable. No...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. Remediation: Upgrade github.com/argoproj/argo-cd/cmd to version 1.7.13, 1.8.6 or higher...
Insecure Session Management
github.com/argoproj/argo-cd handles session tokens in an insecure manner. The issue arises when it does not check if an account is deactivated before returning a valid token claim...
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
Code injection
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
CVE-2021-26921
CVE-2021-26921 affects Argo CD before 1.8.4, from the util/session/sessionmanager.go code. The root issue allows tokens to remain valid after the associated user account is disabled, enabling continued token authentication despite deactivation. The impact is described across multiple sources (e.g...
PT-2021-17177 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4 Description: The issue arises from the fact that tokens remain active even after the associated user account has been disabled. This is due to a problem in the util/session/sessionmanager.go file...
Argo Code Issue Vulnerability
Argo is an open source container native workflow engine. A code issue vulnerability exists in Argo CD versions prior to 1.8.4, which stems from the incorrect handling of Token in the util/session/sessionmanager.go file, resulting in the Token remaining valid after the user is unavailable. No...
CVE-2020-23824
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) to perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF...
Cross-site request forgery (CSRF)
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) to perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF...