CVE-2021-3557

MEDIUM

Argo CD < 1.1.1 - Cluster-wide Resource and Secret Exposure to Unprivileged Users via ServiceAccount

Title source: llm

Description

A flaw was found in Argo CD. Any unprivileged user who can deploy Argo CD in their own namespace ends up with a ServiceAccount, argocd-argocd-server, that is able to read every resource in the cluster, including all Secrets, which may enable privilege escalation. The highest threat from this vulnerability is to data confidentiality.
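The root cause is a tenant-created ServiceAccount that ends up bound cluster-wide to a role able to read Secrets. The following is an added example, not part of this advisory or the Argo CD project: it audits Kubernetes RBAC objects for exactly that pattern, flagging any ServiceAccount that a ClusterRoleBinding ties to a ClusterRole granting get/list/watch on secrets, and ignoring namespaced RoleBindings even when they reference a ClusterRole. The manifests are constructed illustrations of the vulnerable and corrected shapes; the role and binding names are assumptions, not the operator's real objects.

```python
"""Audit Kubernetes RBAC for ServiceAccounts that can read Secrets cluster-wide.

Added example for the misconfiguration class behind CVE-2021-3557. The manifests
below are constructed illustrations (Python dicts in Kubernetes API shape), not
the Argo CD operator's real objects; role and binding names are assumed.
"""

READ_VERBS = {"get", "list", "watch"}


def rule_grants_secret_read(rule):
    """True if one PolicyRule lets its holder read Secrets (core API group "")."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = rule.get("verbs", [])
    if rule.get("resourceNames"):
        # Pinned to named objects: not a blanket read of every Secret.
        return False
    group_ok = "" in groups or "*" in groups
    resource_ok = "secrets" in resources or "*" in resources
    verb_ok = "*" in verbs or bool(READ_VERBS & set(verbs))
    return group_ok and resource_ok and verb_ok


def cluster_wide_secret_readers(objects):
    """Return {'namespace/name', ...} for every ServiceAccount that a
    ClusterRoleBinding ties to a ClusterRole able to read Secrets.

    Only ClusterRoleBindings count: a RoleBinding, even one that references a
    ClusterRole, is scoped to the namespace it lives in.
    """
    risky_roles = {
        o["metadata"]["name"]
        for o in objects
        if o.get("kind") == "ClusterRole"
        and any(rule_grants_secret_read(r) for r in o.get("rules", []))
    }
    readers = set()
    for o in objects:
        if o.get("kind") != "ClusterRoleBinding":
            continue
        ref = o.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky_roles:
            continue
        for subj in o.get("subjects", []):
            if subj.get("kind") == "ServiceAccount":
                readers.add(f"{subj.get('namespace', 'default')}/{subj['name']}")
    return readers


# Constructed: a read-everything ClusterRole (assumed name) ...
SERVER_CLUSTER_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "argocd-server-cluster"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list", "watch"]}],
}

# ... bound cluster-wide to the server ServiceAccount created in a tenant
# namespace. This is the vulnerable shape: the tenant's SA can read every Secret.
VULNERABLE_BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "argocd-server-cluster"},
    "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
                "name": "argocd-server-cluster"},
    "subjects": [{"kind": "ServiceAccount", "name": "argocd-argocd-server",
                  "namespace": "tenant-a"}],
}

# Corrected shape: the same ClusterRole granted through a namespaced RoleBinding,
# so the SA can only read objects in tenant-a. The auditor must not flag this.
NAMESPACED_BINDING = {
    "kind": "RoleBinding",
    "metadata": {"name": "argocd-server", "namespace": "tenant-a"},
    "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
                "name": "argocd-server-cluster"},
    "subjects": [{"kind": "ServiceAccount", "name": "argocd-argocd-server",
                  "namespace": "tenant-a"}],
}


if __name__ == "__main__":
    print("vulnerable:", cluster_wide_secret_readers([SERVER_CLUSTER_ROLE, VULNERABLE_BINDING]))
    print("namespaced:", cluster_wide_secret_readers([SERVER_CLUSTER_ROLE, NAMESPACED_BINDING]))
```

On a live cluster the quick equivalent is `kubectl auth can-i list secrets --all-namespaces --as=system:serviceaccount:<namespace>:argocd-argocd-server`, which should answer no for a tenant-scoped deployment; the script above is useful when reviewing exported RBAC manifests offline, for example the objects an operator renders before they are applied.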

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=1961929 (Issue Tracking, Third Party Advisory)

Scores

CVSS v3 6.5
EPSS 0.0075
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-732 Incorrect Permission Assignment for Critical Resource
Status published
Products (2)
argoproj/argo_cd < 1.1.1
redhat/openshift_gitops 1.1
Published Feb 16, 2022
Tracked Since Feb 18, 2026