Argo Cd
CVE-2021-26921
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
AnalysisAI
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-613. In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. Affected products include: Argoproj Argo Cd. Version information: before 1.8.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
Argo CD is a declarative continuous deployment for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.1), this vulne
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulne
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a mali
As of v1.5.0, the default admin password is set to the argocd-server pod name. Rated high severity (CVSS 8.8), this vuln
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.3), this vulnerabi
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 throug
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 throug
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerabi
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerabi
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today