First published: Wed Apr 08 2020
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/argoproj/argo-cd | <1.5.1 | 1.5.1 |
Linuxfoundation Argo Continuous Delivery | <1.5.0 | |
Argoproj Argo Cd | <1.5.0 | |
The vulnerability ID for this issue is CVE-2020-8827.
CVE-2020-8827 has a severity of 7.5 (high).
Affected software: the Argo API, specifically version 1.5.0 and below, as well as Linuxfoundation Argo Continuous Delivery.
Update Argo API to version 1.5.1 or later to implement anti-automation measures such as rate limiting, account lockouts, and other anti-bruteforce measures.