Cross-site Request Forgery (CSRF)
Description
github.com/argoproj/argo-cd is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to a lack of strict content type validation for API requests. It accepts requests with non-JSON content types like text/plain, which allows an attacker to bypass browser CORS policies and SameSite cookie settings, resulting in a Cross-Site Request Forgery…