{"id":"GHSA-xj7v-c82w-92q2","summary":"Argo Exposure of Sensitive Information","details":"In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests that were stored in Git.","aliases":["CVE-2018-21034","GO-2023-1952"],"modified":"2024-08-20T20:58:48.069573Z","published":"2022-05-24T17:13:55Z","database_specific":{"severity":"MODERATE","nvd_published_at":"2020-04-09T17:15:00Z","github_reviewed_at":"2023-07-19T23:58:11Z","github_reviewed":true,"cwe_ids":["CWE-200"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21034"},{"type":"WEB","url":"https://github.com/argoproj/argo-cd/issues/470"},{"type":"WEB","url":"https://github.com/argoproj/argo-cd/pull/3088"},{"type":"WEB","url":"https://github.com/argoproj/argo-cd/commit/916d4aed5775fead4ab75f47c1d352cd0e73b815"},{"type":"PACKAGE","url":"https://github.com/argoproj/argo-cd"},{"type":"WEB","url":"https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399"},{"type":"WEB","url":"https://www.soluble.ai/blog/argo-cves-2020"}],"affected":[{"package":{"name":"github.com/argoproj/argo-cd","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-cd"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.5.0-rc1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xj7v-c82w-92q2/GHSA-xj7v-c82w-92q2.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}