logo

Database

Business information leak In github.com/argoproj/argo-cd/v2

Description

Argo Exposure of Sensitive Information In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-210342. NVD-2018-210343. OSV-2018-210344. GHSA-xj7v-c82w-92q25. GCVE-2018-21034

References

1. https://github.com/argoproj/argo-cd/issues/4702. https://github.com/argoproj/argo-cd/pull/30883. https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L3994. https://www.soluble.ai/blog/argo-cves-20205. https://github.com/argoproj/argo-cd/commit/916d4aed5775fead4ab75f47c1d352cd0e73b815

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.