PT-2020-8679 · Argo · Argo
Eriner
·
Published
2020-04-09
·
Updated
2024-08-20
·
CVE-2018-21034
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Argo versions prior to v1.5.0-rc1
Description
The issue allows authenticated Argo users to submit API calls to retrieve secrets and other manifests stored within git.
Recommendations
For versions prior to v1.5.0-rc1, update to version v1.5.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information stored within git until the update is applied.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Argo