Moderate severityNVD Advisory· Published Apr 8, 2020· Updated Aug 4, 2024
CVE-2020-11576
CVE-2020-11576
Description
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/argoproj/argo-cdGo | >= 1.5.0, < 1.5.1 | 1.5.1 |
Affected products
3- Argo/Argodescription
- osv-coords2 versions
>= 1.5.0, <= 1.5.0+ 1 more
- (no CPE)range: >= 1.5.0, <= 1.5.0
- (no CPE)range: >= 1.5.0, < 1.5.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-vj54-cjrx-x696ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-11576ghsaADVISORY
- github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1ghsax_refsource_MISCWEB
- github.com/argoproj/argo-cd/pull/3215ghsax_refsource_MISCWEB
- www.soluble.ai/blog/argo-cves-2020ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.