Vulnerabilities > Argoproj > Argo CD > 1.7.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-12 | CVE-2021-23135 | Information Exposure Through an Error Message vulnerability in Argoproj Argo CD Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. | 5.5 |
| 2021-03-15 | CVE-2021-26924 | Cross-site Scripting vulnerability in Argoproj Argo CD An issue was discovered in Argo CD before 1.8.4. | 6.1 |
| 2021-03-15 | CVE-2021-26923 | Information Exposure vulnerability in Argoproj Argo CD An issue was discovered in Argo CD before 1.8.4. | 7.5 |
| 2021-03-03 | CVE-2021-23347 | Cross-site Scripting vulnerability in Argoproj Argo CD The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | 4.8 |
| 2021-02-09 | CVE-2021-26921 | Insufficient Session Expiration vulnerability in Argoproj Argo CD In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | 6.5 |