EUVD-2020-29671

Malware in sbrugna...

CVE-2020-8826

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...

Argo License Issue Vulnerability (CNVD-2020-27455)

Argo is an open source container native workflow engine. Argo suffers from an authorization problem vulnerability that stems from the use of immutable authentication tokens in the web interface authentication system. An attacker could exploit this vulnerability to gain unauthorized access to...

Authentication flaw

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...

CVE-2020-8826

CVE-2020-8826 relates to the Argo CD web interface authentication, where as of v1.5.0, issued authentication tokens were immutable and did not expire. This creates a potential session-related risk (e.g., token reuse) if a token is compromised, since tokens cannot be refreshed or forcefully re-aut...