DescriptionA flaw was found in ArgoCD. An improper authorization bug may allow an attacker to update at least one cluster secret, enabling them to change any other cluster secret. The attacker must know the URL for the targeted cluster and additionally it should be authenticated within the ArgoCD API server with enough privileges to update at least one cluster. A successful attack may lead to privilege escalations or denial of service.A flaw was found in ArgoCD. An improper authorization bug may allow an attacker to update at least one cluster secret, enabling them to change any other cluster secret. The attacker must know the URL for the targeted cluster and additionally it should be authenticated within the ArgoCD API server with enough privileges to update at least one cluster. A successful attack may lead to privilege escalations or denial of service.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Vulmon