Known Vulnerabilities for Argo Continuous Delivery by Linuxfoundation

Listed below are 10 of the newest known vulnerabilities associated with "Argo Continuous Delivery" by "Linuxfoundation".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2023-40584 json	Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the...	6.5 - MEDIUM	2023-09-07	2023-09-13
CVE-2023-40029 json	Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using A...	9.6 - CRITICAL	2023-09-07	2023-10-27
CVE-2023-25163 json	Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 ha...	6.5 - MEDIUM	2023-02-08	2023-02-18
CVE-2021-26921 json	In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.	6.5 - MEDIUM	2021-02-09	2021-03-22
CVE-2021-23347 json	The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting...	4.8 - MEDIUM	2021-03-03	2021-03-09
CVE-2021-23135 json	Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked ...	5.5 - MEDIUM	2021-05-12	2022-08-30
CVE-2020-11576 json	Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine ...	5.3 - MEDIUM	2020-04-08	2022-04-06
CVE-2020-8828 json	As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or log...	8.8 - HIGH	2020-04-08	2021-07-21
CVE-2020-8827 json	As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti...	7.5 - HIGH	2020-04-08	2021-07-21
CVE-2020-8826 json	As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were ...	7.5 - HIGH	2020-04-08	2020-04-14

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version
Application	Linuxfoundation	Argo Continuous Delivery	1.8.7
Application	Linuxfoundation	Argo Continuous Delivery	1.8.6
Application	Linuxfoundation	Argo Continuous Delivery	1.8.5
Application	Linuxfoundation	Argo Continuous Delivery	1.8.4
Application	Linuxfoundation	Argo Continuous Delivery	1.8.3
Application	Linuxfoundation	Argo Continuous Delivery	1.8.2
Application	Linuxfoundation	Argo Continuous Delivery	1.8.1
Application	Linuxfoundation	Argo Continuous Delivery	1.8.0
Application	Linuxfoundation	Argo Continuous Delivery	1.8.0
Application	Linuxfoundation	Argo Continuous Delivery	1.8.0
Application	Linuxfoundation	Argo Continuous Delivery	1.7.9
Application	Linuxfoundation	Argo Continuous Delivery	1.7.8
Application	Linuxfoundation	Argo Continuous Delivery	1.7.7
Application	Linuxfoundation	Argo Continuous Delivery	1.7.6
Application	Linuxfoundation	Argo Continuous Delivery	1.7.5
Application	Linuxfoundation	Argo Continuous Delivery	1.7.4
Application	Linuxfoundation	Argo Continuous Delivery	1.7.3
Application	Linuxfoundation	Argo Continuous Delivery	1.7.2
Application	Linuxfoundation	Argo Continuous Delivery	1.7.14
Application	Linuxfoundation	Argo Continuous Delivery	1.7.13

Results limited to 20 most recent known configurations