In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
References
Link | Resource |
---|---|
https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399 | Exploit Third Party Advisory |
https://github.com/argoproj/argo-cd/issues/470 | Third Party Advisory |
https://github.com/argoproj/argo-cd/pull/3088 | Patch Third Party Advisory |
https://www.soluble.ai/blog/argo-cves-2020 | Exploit Third Party Advisory |
Configurations
History
07 Aug 2024, 15:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
First Time |
Argoproj argo Cd
Argoproj |
Information
Published : 2020-04-09 17:15
Updated : 2024-08-07 15:43
NVD link : CVE-2018-21034
Mitre link : CVE-2018-21034
CVE.ORG link : CVE-2018-21034
JSON object : View
Products Affected
argoproj
- argo_cd
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor