Known Vulnerabilities for Argo Continuous Delivery by Linuxfoundation
Listed below are 8 of the newest known vulnerabilities associated with "Argo Continuous Delivery" by "Linuxfoundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-26921 | In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | 6.5 - MEDIUM | 2021-02-09 | 2021-03-22 |
| CVE-2021-23347 | The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting... | 4.8 - MEDIUM | 2021-03-03 | 2021-03-09 |
| CVE-2021-23135 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked ... | 5.5 - MEDIUM | 2021-05-12 | 2022-08-30 |
| CVE-2020-11576 | Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine ... | 5.3 - MEDIUM | 2020-04-08 | 2022-04-06 |
| CVE-2020-8828 | As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or log... | 8.8 - HIGH | 2020-04-08 | 2021-07-21 |
| CVE-2020-8827 | As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti... | 7.5 - HIGH | 2020-04-08 | 2021-07-21 |
| CVE-2020-8826 | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were ... | 7.5 - HIGH | 2020-04-08 | 2020-04-14 |
| CVE-2018-21034 | In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets an... | 6.5 - MEDIUM | 2020-04-09 | 2020-04-14 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.7 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.6 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.5 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.4 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.3 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.2 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.1 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.0 | - | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.0 | rc1 | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.8.0 | rc2 | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.9 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.8 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.7 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.6 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.5 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.4 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.3 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.2 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.14 | All | All | All |
| Application | Linuxfoundation | Argo Continuous Delivery | 1.7.13 | All | All | All |