Versions of the package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 and before 1.8.6, are vulnerable to Cross-site Scripting (XSS). The SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
History

Wed, 07 Aug 2024 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Argoproj; Argoproj argo Cd |
| CPEs | cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:* | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* |
| Vendors & Products | Linuxfoundation; Linuxfoundation argo Continuous Delivery | Argoproj; Argoproj argo Cd |

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-03-03T09:55:25.235231Z

Updated: 2024-09-17T04:14:06.008Z

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23347

Vulnrichment

No data.

NVD

Status: Modified

Published: 2021-03-03T10:15:13.753

Modified: 2024-11-21T05:51:33.100

Link: CVE-2021-23347

Redhat

No data.