Argo CD: Unauthorized Access Vulnerability Exposes Sensitive Settings - Proactive Insights and Support For Open-Source Applications

In Argo CD a medium severity vulnerability CVE-2024-37152 was detected. This vulnerability allows unauthorized access to sensitive settings via the /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. The vulnerability is fixed in versions 2.11.3, 2.10.12, and 2.9.17. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37152.