Any unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster like all secrets which might enable privilege escalations.
Any unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster like all secrets which might enable privilege escalations.
https://bugzilla.redhat.com/show_bug.cgi?id=1961929