Argo Cd Security Vulnerabilities and Issues — Argo Cd CVE List

Lucene search

ArgoprojArgo Cd

3 matches found

CVE•added 2021/03/03 10:15 a.m.•44 views

CVE-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.

4.8CVSS4.5AI score0.00323EPSS

CVE•added 2021/03/15 3:15 p.m.•43 views

CVE-2021-26924

An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2021/03/15 3:15 p.m.•37 views

CVE-2021-26923

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

7.5CVSS7.4AI score0.00544EPSS