Vulnerabilities > Argoproj > Argo CD > 1.5.0

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-26924 Cross-site Scripting vulnerability in Argoproj Argo CD
An issue was discovered in Argo CD before 1.8.4.
network
low complexity
argoproj CWE-79
6.1
2021-03-15 CVE-2021-26923 Information Exposure vulnerability in Argoproj Argo CD
An issue was discovered in Argo CD before 1.8.4.
network
low complexity
argoproj CWE-200
7.5
2021-03-03 CVE-2021-23347 Cross-site Scripting vulnerability in Argoproj Argo CD
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
network
low complexity
argoproj CWE-79
4.8
2021-02-09 CVE-2021-26921 Insufficient Session Expiration vulnerability in Argoproj Argo CD
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
network
low complexity
argoproj CWE-613
6.5
2020-04-08 CVE-2020-11576 Information Exposure Through Discrepancy vulnerability in Argoproj Argo CD 1.5.0
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
network
low complexity
argoproj CWE-203
5.3