First published: Thu Apr 09 2020
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/argoproj/argo-cd | <1.5.0-rc1 | 1.5.0-rc1 |
Linuxfoundation Argo Continuous Delivery | <=1.4.2 | |
Argoproj Argo Cd | <=1.4.2 | |
CVE-2018-21034 is a vulnerability in Argo versions prior to v1.5.0-rc1 that allowed authenticated users to retrieve secrets and other manifests stored within git.
Authenticated Argo users can exploit CVE-2018-21034 by submitting API calls to retrieve secrets and other manifests.
CVE-2018-21034 has a severity level of medium, with a CVSS score of 6.5.
Argo versions prior to v1.5.0-rc1 and Linuxfoundation Argo Continuous Delivery versions up to and including 1.4.2 are affected by CVE-2018-21034.
Updating to Argo version 1.5.0-rc1 or higher fixes CVE-2018-21034.