First published: Tue Feb 09 2021
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linuxfoundation Argo Continuous Delivery | <1.7.12 | |
Linuxfoundation Argo Continuous Delivery | >=1.8.0, <1.8.4 | |
Argoproj Argo Cd | <1.7.12 | |
Argoproj Argo Cd | >=1.8.0, <1.8.4 | |
The vulnerability ID for this Argo CD vulnerability is CVE-2021-26921.
The title of this vulnerability is 'In util/session/sessionmanager.go in Argo CD before 1.8.4 tokens continue to work even when the user...'
The description of this vulnerability is that in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
Argo Continuous Delivery versions before 1.7.12, and versions from 1.8.0 up to but not including 1.8.4, are affected by this vulnerability.
The severity of this vulnerability is medium.
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-613.
To fix this vulnerability, you should upgrade Argo CD to version 1.8.4 or later.
You can find more information about this vulnerability on the Argo CD GitHub page and the associated security advisories.