CVE-2020-11576 · CVEKit

cve.orgen

247 chars

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.

NVDen

247 chars

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.

OSV.deven

61 chars

Observable Discrepancy in Argo in github.com/argoproj/argo-cd

GHSAen

366 chars

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise. ### Specific Go Packages Affected github.com/argoproj/argo-cd/util/session github.com/argoproj/argo-cd/server/session

NVDes

295 chars

Arreglado en v1.5.1, Argo versión v1.5.0 era vulnerable a una vulnerabilidad de enumeración de usuarios que permitía a los atacantes determinar los nombres de usuario de cuentas válidas (no SSO) porque / api / v1 / session devolvió 401 para un nombre de usuario existente y 404 de lo contrario .

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N