github.com/argoproj/argo-cd handles session tokens in an insecure manner. The issue arises when it does not check if an account is deactivated before returning a valid token claim.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/argoproj/argo-cd | le | v1.8.3 | |
github.com/argoproj/argo-cd | le | v1.7.13 |