We found results for “”
WS-2021-0121
Good to know:
Date: May 21, 2021
When Argo CD was connected to a Helm OCI repository with authentication enabled, the credentials used for accessing the remote repository were logged. A patch for this vulnerability is available with the v1.8.7 and v1.7.14 releases of Argo CD. Anyone with access to the pod logs - either via access with appropriate permissions to the Kubernetes control plane or a third party log management system where the logs from Argo CD were aggregated - could have potentially obtained the credentials to the Helm OCI repository. If you are using Helm OCI repositories with Argo CD, it is strongly recommended to upgrade Argo CD to the latest patch version and to change the credentials used to access the repositories.
Language: Go
Severity Score
Severity Score
Weakness Type (CWE)
Insufficiently Protected Credentials
CWE-522Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |