Home > Vulnerability Database > CVE-2021-23135

Mend.io Vulnerability Database

CVE-2021-23135

Date: May 12, 2021

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

Language: Go

Severity Score

5.9

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-23135

Url: https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894

Url: https://www.mend.io/vulnerability-database/CVE-2021-23135

Severity Score

5.9

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Generation of Error Message Containing Sensitive Information

CWE-209

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-23135

Date: May 12, 2021

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?