1462 matches found
CVE-2020-23824
ArGo Soft Mail Server 1.8.8.9 is affected by Cross-Site Request Forgery (CSRF) that can be used to perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user opens a website with the malicious page that will run the CSRF...
CVE-2020-23824
CVE-2020-23824 affects ArGo Soft Mail Server 1.8.8.9. The vulnerability is CSRF in the Administration dashboard that can lead to remote arbitrary code execution when an admin/user with credentials visits a malicious page. The vulnerability details indicate the exploit vector is web-based CSRF wit...
argo-surgut.ru Cross Site Scripting vulnerability OBB-1265790
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. An authenticated user is able to retrieve secrets and manifests that are stored within git via API calls to manifests...
Argo Information Disclosure Vulnerability
Argo is an open source container native workflow engine. A security vulnerability exists in versions prior to Argo 1.5.0-rc1. An attacker can exploit the vulnerability by submitting a request to invoke the API to retrieve information...
CVE-2018-21034
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git...
Code injection
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git...
CVE-2018-21034
CVE-2018-21034 affects Argo CD (and Argo) where authenticated users can submit API calls to retrieve secrets and other manifests stored in git. Root cause: insufficient access control enabling information disclosure via API requests. Impact: exposure of secrets and manifests stored in git. Affect...
Session Fixation
github.com/argoproj/argo-cd is susceptible to session fixation. The attack exists because its authentication system issued immutable tokens without expiration, allowing a user to reuse the token without re-authentication...
Argo License Issue Vulnerability (CNVD-2020-27455)
Argo is an open source container native workflow engine. Argo suffers from an authorization problem vulnerability that stems from the use of immutable authentication tokens in the web interface authentication system. An attacker could exploit this vulnerability to gain unauthorized access to...
Argo Information Disclosure Vulnerability
Argo is an open source container native workflow engine. Argo suffers from an information disclosure vulnerability. An attacker could exploit this vulnerability to enumerate valid usernames...
PT-2020-8679 · Argo · Argo
Name of the Vulnerable Software and Affected Versions: Argo versions prior to v1.5.0-rc1 Description: The issue allows authenticated Argo users to submit API calls to retrieve secrets and other manifests stored within git. Recommendations: For versions prior to v1.5.0-rc1, update to version...
Argo Authorization Issue Vulnerability (CNVD-2020-27456)
Argo is an open source container native workflow engine. Argo suffers from an authorization issue vulnerability that stems from the program not implementing anti-automation protections. An attacker could use this vulnerability to brute-force the administrator password...
Argo Authorization Issues Vulnerability
Argo is an open source container native workflow engine. Argo suffers from an authorization issue vulnerability that stems from the program setting the default administrator password to the argocd-server container group name. An attacker can exploit this vulnerability to gain administrator...
CVE-2020-8826
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...
CVE-2020-8828
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...
CVE-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...