Argo Cd
CVE-2021-26923
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.
AnalysisAI
An issue was discovered in Argo CD before 1.8.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. Affected products include: Argoproj Argo Cd. Version information: before 1.8.4..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
Argo CD is a declarative continuous deployment for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.1), this vulne
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulne
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a mali
As of v1.5.0, the default admin password is set to the argocd-server pod name. Rated high severity (CVSS 8.8), this vuln
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.3), this vulnerabi
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 throug
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 throug
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerabi
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerabi
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today