CVE-2021-23135
Argo CD leaked secret data into error messages and logs on invalid edits via UI
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9 · EPSS 0.2% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
12 May 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An Exposure of System Data to an Unauthorized Control Sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to be leaked into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7 and 1.7 versions prior to 1.7.14.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected products
Argo CD · Argo CD