CVE-2018-21034

6.5MEDIUM

Key Information:

Vendor: Linux
Status: Argo Continuous Delivery
Vendor: CVE Published:; 9 April 2020

Summary

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.

References

https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0...

x_refsource_MISC

https://github.com/argoproj/argo-cd/issues/470

x_refsource_MISC

https://github.com/argoproj/argo-cd/pull/3088

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2020
Vulnerability Reserved
Feb 10, 2020