Veracode Vulnerability DatabaseVERACODE:36077Information Disclosure
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
15.0%
github.com/argoproj/argo-cd is vulnerable to information disclosure. The vulnerability exists because the YAML-formatted secrets are mounted as files on the repo-server which allows a malicious attacker to read the contents of the files.
References
github.com/advisories/GHSA-q4w5-4gq2-98vm
github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd
github.com/argoproj/argo-cd/commit/7987a4e1e7701fb4d7409f3455722458984f23f1
github.com/argoproj/argo-cd/releases/tag/v2.4.1
github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
15.0%