User Impersonation Via Anonymous Access

github.com/argoproj/argo-cd is vulnerable to user impersonation. An attacker is able to send an invalid JSON Web Token (JWT) along with a request if anonymous access to the Argo CD instance is enabled, allowing an unauthenticated user to get access with same privilege, create, manipulate and delete any resource on the cluster.Read More