Internet Bug Bounty: Argo CD reconciles apps outside configured namespaces when sharding is enabled
An authorization bypass vulnerability was found in Argo CD versions 2.5.0-rc1 and later, allowing a malicious user to deploy applications outside of the configured allowed namespaces when sharding is enabled. The vulnerability was triggered when an application was updated, and the controller...