VYPR
Vendor

Argo CD

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2021-26923HigMar 15, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

  • CVE-2021-26924MedMar 15, 2021
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.

  • CVE-2021-23135MedMay 12, 2021
    risk 0.38cvss 5.9epss 0.00

    Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

  • CVE-2021-26921MedFeb 9, 2021
    risk 0.00cvss 6.5epss 0.01

    In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.