Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
History

Wed, 07 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Argoproj
Argoproj argo Cd
CPEs cpe:2.3:a:linuxfoundation:argo_continuous_delivery:1.5.0:-:*:*:*:kubernetes:*:* cpe:2.3:a:argoproj:argo_cd:1.5.0:-:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation argo Continuous Delivery
Argoproj
Argoproj argo Cd

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-08T17:40:50

Updated: 2024-08-04T11:35:13.537Z

Reserved: 2020-04-06T00:00:00

Link: CVE-2020-11576

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-04-08T18:15:15.323

Modified: 2024-11-21T04:58:09.787

Link: CVE-2020-11576

cve-icon Redhat

No data.