Описание
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:argoproj:argo_cd:1.5.0:-:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00247
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
EPSS
Процентиль: 48%
0.00247
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203