Insufficient Session Expiration
Discription
github.com/argoproj/argo-cd is vulnerable to Insufficient Session Expiration. The vulnerability exists because web terminal sessions in the library do not expire, which allows an attacker to send a websocket messages even if the token has already expired, leading to sensitive information disclosure, or unauthorized actions.Read More
References
Back to Main