CVE-2021-26921
published 2021-02-09CVE-2021-26921: In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
PriorityP431medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
1.27%
66.2th percentile
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argoproj | argo_cd | < 1.7.12 | 1.7.12 |
| argoproj | argo_cd | >= 1.8.0 < 1.8.4 | 1.8.4 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-raspi-5.4 vulnerabilities
osv·2024-09-02·CVSS 5.5
CVE-2024-24860 linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
linux-aws-5.4 vulnerabilities
osv·2024-08-26·CVSS 5.5
CVE-2024-24860 linux-aws-5.4 vulnerabilities
linux-aws-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
linux-azure-5.4 vulnerabilities
osv·2024-08-23·CVSS 5.5
CVE-2024-24860 linux-azure-5.4 vulnerabilities
linux-azure-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/argoproj/argo-cd/commit/f5b0db240b4e3abf18e97f6fd99096b4f9e94dc5https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4https://github.com/argoproj/argo-cd/security/advisories/GHSA-9h6w-j7w4-jr52https://github.com/argoproj/argo-cd/commit/f5b0db240b4e3abf18e97f6fd99096b4f9e94dc5https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4https://github.com/argoproj/argo-cd/security/advisories/GHSA-9h6w-j7w4-jr52
2021-02-09
Published