CVE-2020-11576

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
Configurations

Configuration 1 (hide)

cpe:2.3:a:argoproj:argo_cd:1.5.0:-:*:*:*:*:*:*

History

07 Aug 2024, 15:43

Type Values Removed Values Added
First Time Argoproj argo Cd
Argoproj
CPE cpe:2.3:a:linuxfoundation:argo_continuous_delivery:1.5.0:-:*:*:*:kubernetes:*:* cpe:2.3:a:argoproj:argo_cd:1.5.0:-:*:*:*:*:*:*

06 Apr 2022, 16:32

Type Values Removed Values Added
CWE CWE-200 CWE-203
CPE cpe:2.3:a:cncf:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:* cpe:2.3:a:linuxfoundation:argo_continuous_delivery:1.5.0:-:*:*:*:kubernetes:*:*

Information

Published : 2020-04-08 18:15

Updated : 2024-08-07 15:43


NVD link : CVE-2020-11576

Mitre link : CVE-2020-11576

CVE.ORG link : CVE-2020-11576


JSON object : View

Products Affected

argoproj

  • argo_cd
CWE
CWE-203

Observable Discrepancy