Argo Cd@* Security Vulnerabilities and Issues — Argo Cd@* CVE List

Lucene search

ArgoprojArgo Cd*

5 matches found

CVE•added 2021/05/12 11:15 p.m.•59 views

CVE-2021-23135

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

5.9CVSS5.4AI score0.00058EPSS

CVE•added 2021/02/09 3:15 p.m.•45 views

CVE-2021-26921

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.

6.5CVSS6.3AI score0.00242EPSS

CVE•added 2021/03/03 10:15 a.m.•44 views

CVE-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.

4.8CVSS4.5AI score0.00323EPSS

CVE•added 2021/03/15 3:15 p.m.•43 views

CVE-2021-26924

An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2021/03/15 3:15 p.m.•37 views

CVE-2021-26923

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

7.5CVSS7.4AI score0.00544EPSS