First published: Wed Apr 08 2020(Updated: )
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linuxfoundation Argo Continuous Delivery | <=1.5.0 | |
Argoproj Argo Cd | <=1.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8826 is a vulnerability in the Argo web interface authentication system that allows for the issuance of immutable tokens.
CVE-2020-8826 has a severity rating of high, with a severity value of 7.5.
CVE-2020-8826 affects Argo Continuous Delivery version 1.5.0, where the web interface authentication system issued immutable tokens with no expiration or forced re-authentication.
To fix CVE-2020-8826, it is recommended to update Argo Continuous Delivery to a version that addresses the vulnerability.
You can find more information about CVE-2020-8826 from the official Argo project documentation, the Argo GitHub repository, and the Soluble blog post.