PT-2025-5629 · Argo Cd · Argo Cd

Published: 2025-01-30 · Updated: 2025-01-30

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
- Argo CD versions prior to 2.13.4
- Argo CD versions prior to 2.12.10
- Argo CD versions prior to 2.11.13
Description: A vulnerability was discovered that exposes secret values in error messages and the diff view when an invalid Kubernetes Secret resource is synced from a repository. This issue can be exploited by a user with write access to the repository, who can commit an invalid Secret and trigger a Sync, intentionally or unintentionally. Once exploited, any user with read access to Argo CD can view the exposed secret data.
Recommendations:
- For versions prior to 2.13.4, update to version 2.13.4 or later.
- For versions prior to 2.12.10, update to version 2.12.10 or later.
- For versions prior to 2.11.13, update to version 2.11.13 or later.
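As an added illustration that is not part of this advisory or of the Argo CD project: a repository-side pre-commit or CI gate that rejects a malformed Secret manifest before it can be synced, so the error path the advisory describes is never reached (a data value that is not valid base64, an illegal key, or a non-string stringData value). The manifests and values below are constructed dummies; in practice they would come from yaml.safe_load over the repository's manifests.

```python
import base64
import binascii
import re

# Kubernetes accepts Secret data keys of [-._a-zA-Z0-9], at most 253 chars.
KEY_RE = re.compile(r"^[-._a-zA-Z0-9]{1,253}$")

def secret_problems(manifest):
    """Return problems in one parsed Secret manifest (dict); [] if it is valid.
    Messages name the offending key but never echo its value, so the check
    cannot itself leak secret material into CI output."""
    problems = []
    if manifest.get("kind") != "Secret":
        return problems  # only Secret resources are validated here
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    for key, value in (manifest.get("data") or {}).items():
        if not KEY_RE.match(str(key)):
            problems.append(f"{name}: invalid data key {key!r}")
        if not isinstance(value, str):
            problems.append(f"{name}: data[{key!r}] must be a string")
            continue
        try:
            base64.b64decode(value, validate=True)  # kube requires base64 here
        except (binascii.Error, ValueError):
            problems.append(f"{name}: data[{key!r}] is not valid base64")
    for key, value in (manifest.get("stringData") or {}).items():
        if not KEY_RE.match(str(key)):
            problems.append(f"{name}: invalid stringData key {key!r}")
        if not isinstance(value, str):  # YAML parses unquoted 5432 as an int
            problems.append(f"{name}: stringData[{key!r}] must be a string")
    return problems

def check_manifests(manifests):
    """Problems across all manifests; an empty list means safe to commit/sync."""
    return [p for m in manifests for p in secret_problems(m)]

# Constructed sample manifests with dummy values (not real credentials).
VALID_SECRET = {"apiVersion": "v1", "kind": "Secret",
                "metadata": {"name": "db-creds"},
                "data": {"username": "dXNlcg=="}}  # base64("user")
INVALID_SECRET = {"apiVersion": "v1", "kind": "Secret",
                  "metadata": {"name": "broken-creds"},
                  "data": {"password": "plain-text-password!",  # not base64
                           "bad key": "dXNlcg=="},  # space is not allowed
                  "stringData": {"port": 5432}}  # int, must be a string

if __name__ == "__main__":
    for problem in check_manifests([VALID_SECRET, INVALID_SECRET]):
        print(problem)
```

The gate complements the upgrade rather than replacing it: patched Argo CD versions stop the leak, while the check keeps malformed Secrets out of the repository in the first place.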

Related Identifiers: GHSA-274V-MGCV-CM8J

Affected Products: Argo CD