Veracode Vulnerability DatabaseVERACODE:43225Sensitive Data Exposure
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS
Percentile
40.0%
Argo CD is vulnerable to Sensitive Data Exposure. The vulnerability is due to the management of Argo CD Cluster secrets declaratively using Argo CD / kubectl apply which results in the storage of the full secret body within the kubectl.kubernetes.io/last-applied-configuration annotation which can lead to the disclosure of sensitive information.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS
Percentile
40.0%