Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-23347  

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 is vulnerable to Cross-site Scripting (XSS). The SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.

Source
Severity Medium

Remote Yes

Type Cross-site scripting

Description 

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 is vulnerable to Cross-site Scripting (XSS). The SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.

AVG-1636 argocd-cli 1.8.5-1 1.8.6-1 Medium Fixed 

https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291
https://github.com/argoproj/argo-cd/pull/5563
https://github.com/argoproj/argo-cd/commit/31110cde4d72a78d1a9414d5e457f4d63223bce3

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started