CVE-2021-23347

Summary

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.

Affected Software

VendorProductVersion RangeStatus
n/agithub.com/argoproj/argo-cd/cmdunspecified < 1.7.13affected
n/agithub.com/argoproj/argo-cd/cmd1.8.0 < unspecifiedaffected
n/agithub.com/argoproj/argo-cd/cmdunspecified < 1.8.6affected

Weaknesses

  • Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References