CVE-2021-26923

moderate-risk

Published 2021-03-15

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

Do I need to act?

0.54% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Argo Cd

Affected Vendors

Argoproj

References (4)

Patch https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4

Third Party Advisory https://github.com/argoproj/argo-cd/security/advisories/GHSA-pfgj-mh5m-2p48

Patch https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4

Third Party Advisory https://github.com/argoproj/argo-cd/security/advisories/GHSA-pfgj-mh5m-2p48

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal