CVE-2018-21034
Published 2020-04-09
Priority: P4 | 34 | medium | 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.37% (68.6th percentile)
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argoproj | argo_cd | <= 1.4.2 | — |
| github.com | argoproj_argo-cd | >= 0 < 1.5.0-rc1 | 1.5.0-rc1 |
CVSS provenance
nvd, v3.1: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd, v2.0: 4.0 MEDIUM, AV:N/AC:L/Au:S/C:P/I:N/A:N
OSV
Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
osv·2024-08-20
CVE-2018-21034 Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
OSV
Argo Exposure of Sensitive Information
osv·2022-05-24
CVE-2018-21034 [MEDIUM] Argo Exposure of Sensitive Information
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
GHSA
Argo Exposure of Sensitive Information
ghsa·2022-05-24
CVE-2018-21034 [MEDIUM] CWE-200 Argo Exposure of Sensitive Information
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399
https://github.com/argoproj/argo-cd/issues/470
https://github.com/argoproj/argo-cd/pull/3088
https://www.soluble.ai/blog/argo-cves-2020
Published: 2020-04-09