CVE-2021-23135 MEDIUM

CVE-2021-23135: Argo CD leaked secret data into error messages and logs on invalid edits via UI

Vendor Argo CD
Product Argo CD
Weakness CWE-497
Published May 12, 2021
Last update September 16, 2024

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

An Exposure of System Data to an Unauthorized Control Sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to be leaked into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7 and 1.7 versions prior to 1.7.14.

Key dates

02 Disclosure timeline

May 12, 2021 CVE published
September 16, 2024 Record updated