
Moshikohassan

#47928 of 53,632
5.3 Total CVSS
Vulnerabilities · 1
PT-2024-5351
5.3
2024-06-06
Argo Cd · Argo Cd · CVE-2024-37152
**Name of the Vulnerable Software and Affected Versions**

- Argo CD versions prior to 2.11.3
- Argo CD versions prior to 2.10.12
- Argo CD versions prior to 2.9.17

**Description**

The issue is related to insufficient authentication procedures when handling the "/api/v1/settings" endpoint, allowing unauthorized access to sensitive settings. All sensitive settings are hidden except `passwordPattern`. This could potentially expose sensitive configuration data, including deployment settings, security configurations, and internal network information.

**Recommendations**

- For versions prior to 2.11.3, update to version 2.11.3 or later.
- For versions prior to 2.10.12, update to version 2.10.12 or later.
- For versions prior to 2.9.17, update to version 2.9.17 or later.

As a temporary workaround, consider restricting access to the "/api/v1/settings" endpoint until a patch is applied.