CVE-2021-3557 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Information disclosure |
| Description | Any unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster like all secrets which might enable privilege escalations. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1973 | argocd | 2.0.1-1 | High | Not affected |
| References |
|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1961929 |