cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-26921,https://securityvulnerability.io/vulnerability/CVE-2021-26921,,"In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.",Linux,Argo Continuous Delivery,6.5,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2021-02-09T14:08:55.000Z,0
CVE-2018-21034,https://securityvulnerability.io/vulnerability/CVE-2018-21034,,"In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.",Linux,Argo Continuous Delivery,6.5,MEDIUM,0.00215999991632998,false,,false,false,false,,,false,false,,2020-04-09T16:18:37.000Z,0
CVE-2020-8828,https://securityvulnerability.io/vulnerability/CVE-2020-8828,,"As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.",Linux,Argo Continuous Delivery,8.8,HIGH,0.009759999811649323,false,,false,false,false,,,false,false,,2020-04-08T19:49:14.000Z,0
CVE-2020-8827,https://securityvulnerability.io/vulnerability/CVE-2020-8827,,"As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.",Linux,Argo Continuous Delivery,7.5,HIGH,0.002400000113993883,false,,false,false,false,,,false,false,,2020-04-08T19:43:40.000Z,0
CVE-2020-8826,https://securityvulnerability.io/vulnerability/CVE-2020-8826,,"As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.",Linux,Argo Continuous Delivery,7.5,HIGH,0.004980000201612711,false,,false,false,false,,,false,false,,2020-04-08T19:38:54.000Z,0
CVE-2020-11576,https://securityvulnerability.io/vulnerability/CVE-2020-11576,,"Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.",Linux,Argo Continuous Delivery,5.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2020-04-08T17:40:50.000Z,0