Lucene search

K

Veracode Vulnerability DatabaseVERACODE:39933

HistoryMar 24, 2023 - 4:26 a.m.

Information Disclosure

2023-03-2404:26:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

21

argo-cd

information disclosure

vulnerability

unauthorized users

api error messages

attack

EPSS

0.001

Percentile

30.9%

github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to a bug that allows unauthorized users to enumerate application names by inspecting API error messages, which can then be used as a starting point for another attack.

References

argo.com

github.com/advisories/GHSA-2q5c-qw9c-fmvq

github.com/argoproj/argo-cd/commit/06b9a25f6d95ebebcd636331e55139dded143ee5

github.com/argoproj/argo-cd/commit/63f9622b004d35c486f15d8bf0cb460e80f8b25f

github.com/argoproj/argo-cd/commit/ccb64f1c7ef57aa18c2edf0ede9a8ffa64de7927

github.com/argoproj/argo-cd/releases/tag/v2.4.28

github.com/argoproj/argo-cd/releases/tag/v2.5.16

github.com/argoproj/argo-cd/releases/tag/v2.6.7

github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq

github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md

EPSS

0.001

Percentile

30.9%

Related for VERACODE:39933

prion1 cvelist1 hackerone1 github1 redhatcve1 redhat3 osv3 nvd1 cve1