Cross-Site Scripting Vulnerability in Argo CD by Argo Project
CVE-2021-26924

6.1MEDIUM

Key Information:

Vendor: Linux
Status: Argo-cd
Vendor: CVE Published:; 15 March 2021

Summary

A vulnerability was identified in Argo CD prior to version 1.8.4, where the application fails to enable browser XSS protection due to the absence of the appropriate XSS protection header. This oversight allows attackers to potentially execute malicious scripts in the context of the user's browser, impacting user sessions and sensitive data. It is essential for users to upgrade to the latest version to mitigate this security risk.

References

https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4

x_refsource_MISC

https://github.com/argoproj/argo-cd/security/advisories/G...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 15, 2021
Vulnerability Reserved
Feb 9, 2021