User Impersonation Via Anonymous Access
Discription

github.com/argoproj/argo-cd is vulnerable to user impersonation. An attacker is able to send an invalid JSON Web Token (JWT) along with a request if anonymous access to the Argo CD instance is enabled, allowing an unauthenticated user to get access with same privilege, create, manipulate and delete any resource on the cluster.Read More

Back to Main

Subscribe for the latest news: