Vulnerabilities > Linuxfoundation > Argo Continuous Delivery > 0.8.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-23347 | Cross-site Scripting vulnerability in Linuxfoundation Argo Continuous Delivery The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | 3.5 |
| 2021-02-09 | CVE-2021-26921 | Insufficient Session Expiration vulnerability in Linuxfoundation Argo Continuous Delivery In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | 5.0 |
| 2020-04-09 | CVE-2018-21034 | Information Exposure vulnerability in Linuxfoundation Argo Continuous Delivery In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. | 4.0 |
| 2020-04-08 | CVE-2020-8828 | Improper Privilege Management vulnerability in Linuxfoundation Argo Continuous Delivery As of v1.5.0, the default admin password is set to the argocd-server pod name. | 6.5 |
| 2020-04-08 | CVE-2020-8827 | Improper Authentication vulnerability in Linuxfoundation Argo Continuous Delivery As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. | 5.0 |
| 2020-04-08 | CVE-2020-8826 | Session Fixation vulnerability in Linuxfoundation Argo Continuous Delivery As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | 5.0 |