Medium severity4.7NVD Advisory· Published Mar 3, 2021· Updated Jun 17, 2026
CVE-2021-23347
CVE-2021-23347
Description
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/argoproj/argo-cd/v2Go | < 1.7.13 | 1.7.13 |
github.com/argoproj/argo-cd/v2Go | >= 1.8.0, < 1.8.6 | 1.8.6 |
Affected products
3- github.com/argoproj/argo-cddescription
- osv-coords2 versions
< 1.7.13+ 1 more
- (no CPE)range: < 1.7.13
- (no CPE)range: < 1.7.13
Patches
Vulnerability mechanics
References
5- github.com/argoproj/argo-cd/pull/5563nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-qq5v-f4c3-395cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23347ghsaADVISORY
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291nvdThird Party AdvisoryWEB
- github.com/argoproj/argo-cd/security/advisories/GHSA-qq5v-f4c3-395cghsaWEB
News mentions
0No linked articles in our index yet.