Argo CD reconciles apps outside configured namespaces when sharding is enabled
High
Vulnerability Details
An Application CRD outside the namespaces configured in Argo CD will be reconciled.
The following steps reproduce the vulnerability:
* Enable the `apps-in-any-namespace` and `sharding` features.
* Create an Application CRD in a namespace not configured in Argo CD.
* Update the Application CRD. Argo CD will reconcile it, despite it not being in a configured namespace.
## Impact
An attacker can use Argo CD's permissions to deploy resources in Kubernetes.
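To check a cluster for the condition described above, the following added example (not part of the original report and not Argo CD project code) flags Application resources that sit outside the configured namespaces and notes whether the controller has reconciled them. It assumes the input has the shape of `kubectl get applications.argoproj.io -A -o json`, that the allowed list comes from the `application.namespaces` setting, that the control-plane namespace is `argocd`, and that Python's `fnmatch` approximates Argo CD's glob matching; the sample data is constructed.

```python
import fnmatch
import json

# Constructed sample in the shape of `kubectl get applications.argoproj.io -A -o json`.
SAMPLE_APPS = json.loads("""
{"items": [
  {"metadata": {"name": "core", "namespace": "argocd"},
   "status": {"reconciledAt": "2023-01-10T08:00:00Z"}},
  {"metadata": {"name": "shop", "namespace": "team-a"},
   "status": {"reconciledAt": "2023-01-10T08:01:00Z"}},
  {"metadata": {"name": "planted", "namespace": "sandbox"},
   "status": {"reconciledAt": "2023-01-10T08:02:00Z"}},
  {"metadata": {"name": "ignored", "namespace": "scratch"}}
]}
""")

def parse_namespaces(setting):
    """Split the comma-separated application.namespaces value into patterns."""
    return [p.strip() for p in setting.split(",") if p.strip()]

def is_configured(namespace, control_ns, patterns):
    """The control-plane namespace is always in scope; others must match a pattern."""
    if namespace == control_ns:
        return True
    # Assumption: fnmatch-style globbing stands in for Argo CD's own matcher.
    return any(fnmatch.fnmatchcase(namespace, p) for p in patterns)

def audit_applications(app_list, control_ns, setting):
    """Return Applications that live outside the configured namespaces."""
    patterns = parse_namespaces(setting)
    findings = []
    for item in app_list.get("items", []):
        meta = item.get("metadata", {})
        ns = meta.get("namespace", "")
        if is_configured(ns, control_ns, patterns):
            continue
        reconciled_at = (item.get("status") or {}).get("reconciledAt")
        findings.append({
            "namespace": ns,
            "name": meta.get("name", ""),
            # A reconcile timestamp here means the controller processed an
            # Application it should have skipped (the behaviour in this report).
            "reconciled": reconciled_at is not None,
            "reconciledAt": reconciled_at,
        })
    return findings

if __name__ == "__main__":
    for f in audit_applications(SAMPLE_APPS, "argocd", "team-*"):
        state = "RECONCILED" if f["reconciled"] else "not reconciled"
        print(f'{f["namespace"]}/{f["name"]}: outside configured namespaces, {state}')
```

An out-of-scope Application with no reconcile timestamp is still worth removing, but one that has been reconciled indicates the controller acted on it.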
Report Stats
- Report ID: 1847140
- State: Closed
- Substate: resolved
- Upvotes: 16