Unrated severityNVD Advisory· Published May 12, 2021· Updated Sep 16, 2024

Argo CD leaked secret data into error messages and logs on invalid edits via UI

CVE-2021-23135

Description

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

Affected products

osv-coords
pkg:bitnami/argo-cd
Range: >= 1.7.0, < 1.7.14
Argo CD/Argo CDv5
Range: 1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000