The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
Metrics
Affected Vendors & Products
References
History
Wed, 07 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Argoproj
Argoproj argo Cd |
|
CPEs | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linuxfoundation
Linuxfoundation argo Continuous Delivery |
Argoproj
Argoproj argo Cd |
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-03-03T09:55:25.235231Z
Updated: 2024-09-17T04:14:06.008Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23347
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-03T10:15:13.753
Modified: 2024-11-21T05:51:33.100
Link: CVE-2021-23347
Redhat
No data.