CVE-2021-3557 - log

CVE-2021-3557 edited at 20 May 2021 13:44:30
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ Any unprivileged user is able to deploy argocd in his namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster like all secrets which might enable privilege escalations.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1961929
Notes
CVE-2021-3557 created at 20 May 2021 13:43:30