Veracode Vulnerability Database, VERACODE:39098
History: Feb 03, 2023 - 7:29 a.m.

Improper Authorization

sca.analysiscenter.veracode.com
Tags: github, argo-cd, vulnerability, improper authorization, tokens, api, security

EPSS: 0.001 (percentile: 43.2%)

github.com/argoproj/argo-cd is vulnerable to Improper Authorization. The library does not validate the audience claim of signed tokens, so the API accepts certain invalid tokens and grants a malicious user privileges based on the token's groups claim, even though these groups were not intended.
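The missing check, sketched as an added example that is not Argo CD's own code: groups are only honoured when the token's `aud` claim names the expected audience, handling both the string and array forms that RFC 7519 allows. It assumes the token signature was already verified; `groupsFor` and the audience value `example-cd` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// audience decodes the "aud" claim, which may be one string or an array.
type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*a = audience{one}
		return nil
	}
	var many []string
	err := json.Unmarshal(b, &many)
	*a = many
	return err
}

// claims is the subset of a signature-verified token payload used here.
type claims struct {
	Aud    audience `json:"aud"`
	Groups []string `json:"groups"`
}

// groupsFor (hypothetical helper) returns the groups claim only when the
// token was issued for expectedAud; otherwise the groups are ignored.
func groupsFor(payload []byte, expectedAud string) ([]string, error) {
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	for _, aud := range c.Aud {
		if expectedAud != "" && aud == expectedAud {
			return c.Groups, nil
		}
	}
	return nil, errors.New("token audience does not match, groups ignored")
}

func main() {
	// Constructed payload: validly signed, but issued for another application.
	g, err := groupsFor([]byte(`{"aud":"other-app","groups":["admins"]}`), "example-cd")
	fmt.Println(g, err)
}
```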
