ArgoCD vulnerability
ArgoCD ServerSideDiff Secret Extraction: Read-Only Users Can Pull Plaintext Credentials from Kubernetes
The Vulnerability: What Happened
ArgoCD has a feature called ServerSideDiff that compares what's currently deployed in Kubernetes with what you're trying to deploy. It's supposed to show you the diff before you apply changes—super useful. The problem is straightforward: this endpoint returns unmasked
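As a defensive illustration of the masking a diff response needs before it reaches a read-only user, here is an added example (not Argo CD's own code, and not from the original page) that redacts Secret values in the live and target manifests while still showing which keys changed. The names `manifest` and `maskPair` are hypothetical, and the manifests are assumed to be JSON-decoded maps.

```go
package main

import (
	"fmt"
	"strings"
)

// manifest is a JSON-decoded Kubernetes object (type name is an assumption of this example).
type manifest = map[string]interface{}

// maskPair returns redacted copies of live and target when either is a Secret.
// Per key, equal values share a placeholder and a changed value gets a longer
// one, so the diff still shows which keys differ without exposing any value.
func maskPair(live, target manifest) (manifest, manifest) {
	if live["kind"] != "Secret" && target["kind"] != "Secret" {
		return live, target
	}
	seen := map[string]string{} // field/key=value -> placeholder
	count := map[string]int{}   // field/key -> distinct values seen so far
	mask := func(obj manifest) manifest {
		out := manifest{}
		for k, v := range obj {
			out[k] = v // shallow copy; the caller's object is not modified
		}
		for _, field := range []string{"data", "stringData"} {
			vals, ok := obj[field].(manifest)
			if !ok {
				continue
			}
			red := manifest{}
			for k, v := range vals {
				id := field + "/" + k
				if _, known := seen[id+"="+fmt.Sprint(v)]; !known {
					seen[id+"="+fmt.Sprint(v)] = strings.Repeat("+", 8+count[id])
					count[id]++
				}
				red[k] = seen[id+"="+fmt.Sprint(v)]
			}
			out[field] = red
		}
		return out
	}
	return mask(live), mask(target)
}

func main() {
	live := manifest{"kind": "Secret", "data": manifest{"password": "b2xk"}}   // constructed
	target := manifest{"kind": "Secret", "data": manifest{"password": "bmV3"}} // constructed
	fmt.Println(maskPair(live, target))
}
```

The masking has to run on every code path that serializes a live or predicted object into a response, including any server-side dry-run result, before the response is written.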