A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality.
History

Wed, 07 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Argoproj
Argoproj argo Cd
CPEs cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation argo-cd
Argoproj
Argoproj argo Cd

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-02-16T16:37:57

Updated: 2024-08-03T17:01:07.314Z

Reserved: 2021-05-19T00:00:00

Link: CVE-2021-3557

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-16T17:15:11.177

Modified: 2024-11-21T06:21:50.717

Link: CVE-2021-3557

cve-icon Redhat

Severity : Important

Publid Date: 2021-05-19T00:00:00Z

Links: CVE-2021-3557 - Bugzilla