Vulnerabilities > Linuxfoundation > Argo Continuous Delivery
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-07 | CVE-2023-40029 | Information Exposure Through Log Files vulnerability in Linuxfoundation Argo Continuous Delivery. Argo CD is a declarative continuous deployment tool for Kubernetes. | 9.6 |
2023-09-07 | CVE-2023-40584 | Resource Exhaustion vulnerability in Linuxfoundation Argo Continuous Delivery. Argo CD is a declarative continuous deployment tool for Kubernetes. | 6.5 |
2023-02-08 | CVE-2023-25163 | Information Exposure Through Log Files vulnerability in Linuxfoundation Argo Continuous Delivery 2.6.0. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 6.5 |
2021-05-12 | CVE-2021-23135 | Information Exposure Through an Error Message vulnerability in Linuxfoundation Argo Continuous Delivery. An Exposure of System Data to an Unauthorized Control Sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to leak into web UI error messages and logs. | 2.1 |
2021-03-03 | CVE-2021-23347 | Cross-site Scripting vulnerability in Linuxfoundation Argo Continuous Delivery. The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 and before 1.8.6, is vulnerable to Cross-site Scripting (XSS); the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | 3.5 |
2021-02-09 | CVE-2021-26921 | Insufficient Session Expiration vulnerability in Linuxfoundation Argo Continuous Delivery. In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | 5.0 |
2020-04-09 | CVE-2018-21034 | Information Exposure vulnerability in Linuxfoundation Argo Continuous Delivery. In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. | 4.0 |
2020-04-08 | CVE-2020-8828 | Improper Privilege Management vulnerability in Linuxfoundation Argo Continuous Delivery. As of v1.5.0, the default admin password is set to the argocd-server pod name. | 6.5 |
2020-04-08 | CVE-2020-8827 | Improper Authentication vulnerability in Linuxfoundation Argo Continuous Delivery. As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. | 5.0 |
2020-04-08 | CVE-2020-8826 | Session Fixation vulnerability in Linuxfoundation Argo Continuous Delivery. As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | 5.0 |