API Security Blog

Unauthenticated Access to sensitive settings in Argo CD

Summary

The CVE allows unauthorized access to the sensitive settings exposed by the /api/v1/settings endpoint without authentication.

Details

Unauthenticated Access:
Endpoint: /api/v1/settings
Description: This endpoint is accessible without any form of authentication as expected. All sensitive settings are hidden except passwordPattern.

Patches

A patch for this vulnerability has been released in the following Argo CD versions:
v2.11.3
v2.10.12
v2.9.17

Impact

Unauthenticated Access:
Type: Unauthorized Information Disclosure.
Affected Parties: All users and administrators of the Argo CD instance.
Potential Risks: Exposure of sensitive configuration data, including but not limited to deployment settings, security configurations, and internal network…
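The practical question for an operator is whether a given Argo CD release already carries the fix, which depends on the release line (2.9, 2.10 or 2.11) rather than on a single version number. The helper below is an added example, not code from the advisory or from the Argo CD project: it parses a version string as Argo CD reports it and compares it against the three fixed versions named above. Two assumptions are labelled in the code: a release line newer than 2.11 is treated as carrying the fix, and a line older than 2.9 (not mentioned in the advisory) is treated as unpatched. The sample version strings at the bottom are constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed versions as listed in the advisory above.
PATCHED_VERSIONS = ("v2.11.3", "v2.10.12", "v2.9.17")

Version = Tuple[int, int, int]


def parse_version(raw: str) -> Optional[Version]:
    """Turn 'v2.11.3', '2.11.3' or 'v2.11.3+abc123' into (major, minor, patch).

    Returns None for anything that is not a release version (e.g. 'dev' builds),
    so callers can treat unknown builds conservatively.
    """
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", raw.strip())
    if not match:
        return None
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def fixed_version_for_line(major: int, minor: int) -> Optional[Version]:
    """Return the first fixed version on the same major.minor line, if any."""
    for fixed in PATCHED_VERSIONS:
        parsed = parse_version(fixed)
        if parsed is not None and parsed[:2] == (major, minor):
            return parsed
    return None


def is_patched(raw_version: str) -> bool:
    """True if the version already carries the fix for this advisory."""
    parsed = parse_version(raw_version)
    if parsed is None:
        # Unknown build string: assume unpatched rather than silently passing.
        return False
    major, minor, patch = parsed
    fixed = fixed_version_for_line(major, minor)
    if fixed is not None:
        return patch >= fixed[2]
    # Assumption (not stated in the advisory): release lines newer than the
    # newest fixed line ship the fix; older, unlisted lines do not.
    newest_fixed = max(parse_version(v) for v in PATCHED_VERSIONS)  # type: ignore[type-var]
    return (major, minor) > newest_fixed[:2]


def assess(raw_version: str) -> Dict[str, str]:
    """Summarise the finding and the remediation for an instance."""
    parsed = parse_version(raw_version)
    if is_patched(raw_version):
        return {"version": raw_version, "status": "patched", "action": "none"}
    if parsed is not None and fixed_version_for_line(*parsed[:2]) is not None:
        target = "v%d.%d.%d" % fixed_version_for_line(*parsed[:2])
        return {"version": raw_version, "status": "vulnerable",
                "action": "upgrade to " + target + " or later"}
    return {"version": raw_version, "status": "vulnerable",
            "action": "upgrade to a supported fixed line (" + ", ".join(PATCHED_VERSIONS) + ")"}


if __name__ == "__main__":
    # Constructed sample inputs, not real instance data.
    for sample in ("v2.11.2+deadbee", "v2.11.3", "v2.10.12", "v2.9.16", "v2.8.5", "dev"):
        print(assess(sample))
```

Feed the function the value Argo CD reports for its version (the `Version` field of its version endpoint, or `argocd version --client=false`) and act on the `action` field; the conservative defaults mean a build string that cannot be parsed is reported as vulnerable rather than quietly ignored.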
