CVE-2021-23135

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23135

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23135.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-23135

Aliases

BIT-argo-cd-2021-23135

Related

GHSA-fp89-h8pj-8894

Published

2021-05-12T23:15:07Z

Modified

2025-02-19T03:17:03.991453Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

References

https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type: GIT
Repo: https://github.com/argoproj/argo-cd
Events: Introduced

24b93197e05d02e31f6b788e53b529cadcf2ccd4

Fixed

92b02379b980da45c6b9249f56e1114f294f2d8e

Affected versions

v1.*

v1.7.0

v1.7.1

v1.7.10

v1.7.11

v1.7.12

v1.7.13

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9