- Vendor: Argo CD
- Products: 1
- CVEs: 4
- Across products: 4
- Status: Private
Recent CVEs: 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26923 | | High | 0.49 | 7.5 | 0.01 | | Mar 15, 2021 | An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. |
| CVE-2021-26924 | | Med | 0.40 | 6.1 | 0.01 | | Mar 15, 2021 | An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. |
| CVE-2021-23135 | | Med | 0.38 | 5.9 | 0.00 | | May 12, 2021 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14. |
| CVE-2021-26921 | | Med | 0.00 | 6.5 | 0.01 | | Feb 9, 2021 | In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. |