← back
CVE-2021-23135

Argo CD leaked secret data into error messages and logs on invalid edits via UI

CVSS 5.9 MEDIUMEPSS 0.2%CWE-497
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected products
Argo CD · Argo CD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894