Argo CD Critical Vulnerability

A critical vulnerability in Argo CD allows low-privileged API tokens to retrieve all associated repository credentials, bypassing isolation mechanisms, enabling tokens with even basic 'get' permissions to access sensitive usernames and passwords. Exploitation can lead to cloning private codebases, injecting malicious manifests, and supply chain attacks, affecting all Argo CD versions up to 2.13.0.

Latest mentioned: 09-08

Earliest mentioned: 09-05