PT-2020-20309 · Intuit · Argo

Published: 2020-04-08 · Updated: 2024-08-07 · CVE-2020-8826

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Argo versions 1.5.0 and later

Description

The Argo web interface authentication system issued immutable tokens as of version 1.5.0. These authentication tokens, once issued, were usable forever without expiration, and there was no refresh or forced re-authentication.

Recommendations

For versions 1.5.0 and later, consider implementing a token expiration mechanism or forced re-authentication to minimize the risk of exploitation. As a temporary workaround, restrict access to sensitive areas of the web interface until a more permanent solution is implemented.

Exploit

Fix

Weakness Enumeration

Session Fixation

Related Identifiers

BIT-ARGO-CD-2020-8826
CVE-2020-8826

Affected Products

Argo