PT-2021-15388 · Argo CD · Argo CD
Ezekiel Keator +2 · Published 2021-05-12 · Updated 2024-08-07
CVE-2021-23135
CVSS v3.1: 5.9 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Argo CD versions 1.8.0 through 1.8.6
Argo CD versions 1.7.0 through 1.7.13
Description
An exposure of system data to an unauthorized control sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to be leaked into web UI error messages and logs.
Recommendations
For Argo CD versions 1.8.0 through 1.8.6, update to version 1.8.7 or later.
For Argo CD versions 1.7.0 through 1.7.13, update to version 1.7.14 or later.
Fix
Generation of Error Message Containing Sensitive Information
Affected Products
Argo CD