CVE-2021-3557

Source
https://cve.org/CVERecord?id=CVE-2021-3557
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3557.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3557
Published
2022-02-16T17:15:11.177Z
Modified
2026-03-14T11:00:54.945910Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their own namespace and, using the ServiceAccount argocd-argocd-server that the deployment creates, read all resources of the cluster, including all secrets, which might enable privilege escalation. The highest threat from this vulnerability is to data confidentiality.

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type
GIT
Repo
https://github.com/argoproj/argo-cd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.0-alpha1
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v1.*
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.1.0-rc5
v1.1.0-rc6
v1.1.0-rc7
v1.1.0-rc8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3557.json"