Vulnerability Details CVE-2018-21034
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399
- https://github.com/argoproj/argo-cd/issues/470
- https://github.com/argoproj/argo-cd/pull/3088
- https://www.soluble.ai/blog/argo-cves-2020
- https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399
- https://github.com/argoproj/argo-cd/issues/470
- https://github.com/argoproj/argo-cd/pull/3088
- https://www.soluble.ai/blog/argo-cves-2020
Products affected by CVE-2018-21034
-
cpe:2.3:a:argoproj:argo_cd:-
-
cpe:2.3:a:argoproj:argo_cd:0.1.0
-
cpe:2.3:a:argoproj:argo_cd:0.10.0
-
cpe:2.3:a:argoproj:argo_cd:0.10.1
-
cpe:2.3:a:argoproj:argo_cd:0.10.2
-
cpe:2.3:a:argoproj:argo_cd:0.10.3
-
cpe:2.3:a:argoproj:argo_cd:0.10.4
-
cpe:2.3:a:argoproj:argo_cd:0.10.5
-
cpe:2.3:a:argoproj:argo_cd:0.10.6
-
cpe:2.3:a:argoproj:argo_cd:0.11.0
-
cpe:2.3:a:argoproj:argo_cd:0.11.1
-
cpe:2.3:a:argoproj:argo_cd:0.11.2
-
cpe:2.3:a:argoproj:argo_cd:0.12.0
-
cpe:2.3:a:argoproj:argo_cd:0.12.1
-
cpe:2.3:a:argoproj:argo_cd:0.12.2
-
cpe:2.3:a:argoproj:argo_cd:0.12.3
-
cpe:2.3:a:argoproj:argo_cd:0.2.0
-
cpe:2.3:a:argoproj:argo_cd:0.3.0
-
cpe:2.3:a:argoproj:argo_cd:0.3.1
-
cpe:2.3:a:argoproj:argo_cd:0.3.2
-
cpe:2.3:a:argoproj:argo_cd:0.3.3
-
cpe:2.3:a:argoproj:argo_cd:0.4.0
-
cpe:2.3:a:argoproj:argo_cd:0.4.1
-
cpe:2.3:a:argoproj:argo_cd:0.4.2
-
cpe:2.3:a:argoproj:argo_cd:0.4.3
-
cpe:2.3:a:argoproj:argo_cd:0.4.4
-
cpe:2.3:a:argoproj:argo_cd:0.4.5
-
cpe:2.3:a:argoproj:argo_cd:0.4.6
-
cpe:2.3:a:argoproj:argo_cd:0.4.7
-
cpe:2.3:a:argoproj:argo_cd:0.5.0
-
cpe:2.3:a:argoproj:argo_cd:0.5.1
-
cpe:2.3:a:argoproj:argo_cd:0.5.2
-
cpe:2.3:a:argoproj:argo_cd:0.5.3
-
cpe:2.3:a:argoproj:argo_cd:0.5.4
-
cpe:2.3:a:argoproj:argo_cd:0.6.0
-
cpe:2.3:a:argoproj:argo_cd:0.6.1
-
cpe:2.3:a:argoproj:argo_cd:0.6.2
-
cpe:2.3:a:argoproj:argo_cd:0.7.0
-
cpe:2.3:a:argoproj:argo_cd:0.7.1
-
cpe:2.3:a:argoproj:argo_cd:0.7.2
-
cpe:2.3:a:argoproj:argo_cd:0.8.0
-
cpe:2.3:a:argoproj:argo_cd:0.8.1
-
cpe:2.3:a:argoproj:argo_cd:0.8.2
-
cpe:2.3:a:argoproj:argo_cd:0.9.0
-
cpe:2.3:a:argoproj:argo_cd:0.9.1
-
cpe:2.3:a:argoproj:argo_cd:0.9.2
-
cpe:2.3:a:argoproj:argo_cd:1.0.0
-
cpe:2.3:a:argoproj:argo_cd:1.0.1
-
cpe:2.3:a:argoproj:argo_cd:1.0.2
-
cpe:2.3:a:argoproj:argo_cd:1.1.0
-
cpe:2.3:a:argoproj:argo_cd:1.1.1
-
cpe:2.3:a:argoproj:argo_cd:1.1.2
-
cpe:2.3:a:argoproj:argo_cd:1.2.0
-
cpe:2.3:a:argoproj:argo_cd:1.2.1
-
cpe:2.3:a:argoproj:argo_cd:1.2.2
-
cpe:2.3:a:argoproj:argo_cd:1.2.3
-
cpe:2.3:a:argoproj:argo_cd:1.2.4
-
cpe:2.3:a:argoproj:argo_cd:1.2.5
-
cpe:2.3:a:argoproj:argo_cd:1.3.0
-
cpe:2.3:a:argoproj:argo_cd:1.3.1
-
cpe:2.3:a:argoproj:argo_cd:1.3.2
-
cpe:2.3:a:argoproj:argo_cd:1.3.3
-
cpe:2.3:a:argoproj:argo_cd:1.3.4
-
cpe:2.3:a:argoproj:argo_cd:1.3.5
-
cpe:2.3:a:argoproj:argo_cd:1.3.6
-
cpe:2.3:a:argoproj:argo_cd:1.4.0
-
cpe:2.3:a:argoproj:argo_cd:1.4.1
-
cpe:2.3:a:argoproj:argo_cd:1.4.2