CVE-2020-8826

HIGH7.5EPSS 0.47%

Published: 3/6/2024Modified: 3/6/2024

Also known as:BIT-argo-cd-2020-8826

Description

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.

Affected packages (1)

Bitnami/argo-cdfrom 0, < 1.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

WEBhttps://argoproj.github.io/argo-cd/security_considerations/
WEBhttps://github.com/argoproj/argo/releases
WEBhttps://www.soluble.ai/blog/argo-cves-2020