Home > Vulnerability Database > WS-2021-0121

Mend.io Vulnerability Database

WS-2021-0121

Good to know:

Date: May 21, 2021

When Argo CD was connected to a Helm OCI repository with authentication enabled, the credentials used for accessing the remote repository were logged. A patch for this vulnerability is available with the v1.8.7 and v1.7.14 releases of Argo CD. Anyone with access to the pod logs - either via access with appropriate permissions to the Kubernetes control plane or a third party log management system where the logs from Argo CD were aggregated - could have potentially obtained the credentials to the Helm OCI repository. If you are using Helm OCI repositories with Argo CD, it is strongly recommended to upgrade Argo CD to the latest patch version and to change the credentials used to access the repositories.

Language: Go

Severity Score

6.6

Related Resources (2)

Url: https://github.com/argoproj/argo-cd/security/advisories/GHSA-6w87-g839-9wv7

Url: https://www.mend.io/vulnerability-database/WS-2021-0121

Severity Score

6.6

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version argo-cd - 1.7.14,1.8.7

Learn More

CVSS v3.1

Base Score:	6.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0121

Good to know:

Date: May 21, 2021

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?