Description
An Exposure of System Data to an Unauthorized Control Sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to be leaked into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7 and 1.7 versions prior to 1.7.14.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894
Scores
CVSS v3
5.9
EPSS
0.0023
EPSS Percentile
13.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-209
CWE-497
Status
published
Products (1)
argoproj/argo_cd
1.7.0 - 1.7.14
Published
May 12, 2021
Tracked Since
Feb 18, 2026