BIT-argo-cd-2021-23135

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/argo-cd/BIT-argo-cd-2021-23135.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-argo-cd-2021-23135
Aliases
Published
2024-03-06T10:51:37.696Z
Modified
2025-01-14T08:57:06.358646Z
Summary
[none]
Details

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

Database specific
{
    "cpes": [
        "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / argo-cd

Package

Name
argo-cd
Purl
pkg:bitnami/argo-cd

Severity

  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
1.7.0
Fixed
1.7.14
Introduced
1.8.0
Fixed
1.8.7