Summary
The CVE allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication.
Details
Unauthenticated Access:
Endpoint: /api/v1/settings
Description: This endpoint is accessible without any form of authentication as expected. All sensitive settings are hidden except passwordPattern.
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
v2.11.3
v2.10.12
v2.9.17
Impact
Unauthenticated Access:
- Type: Unauthorized Information Disclosure.
- Affected Parties: All users and administrators of the Argo CD instance.
- Potential Risks: Exposure of sensitive configuration data, including but not limited to deployment settings, security configurations, and internal network information.
moshikoHassan Reporter
Summary
The CVE allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication.
Details
Unauthenticated Access:
Endpoint: /api/v1/settings
Description: This endpoint is accessible without any form of authentication as expected. All sensitive settings are hidden except
passwordPattern.Patches
A patch for this vulnerability has been released in the following Argo CD versions:
v2.11.3
v2.10.12
v2.9.17
Impact
Unauthenticated Access: