Vulnerabilities > CVE-2020-11576 - Information Exposure Through Discrepancy vulnerability in Linuxfoundation Argo Continuous Delivery 1.5.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
linuxfoundation
CWE-203

Summary

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.

Vulnerable Configurations

Part Description Count
Application
Linuxfoundation
1

Common Weakness Enumeration (CWE)