Cloud security firm Apiiro has been credited with discovering and reporting the bug on January 30, 2022s. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9.0. Bad actors can exploit the vulnerability by loading a malicious Kubernetes Helm Chart YAML file onto the target system, allowing the retrieval of confidential information from other apps.”]
Source: https://thehackernews.com/2022/02/new-argo-cd-bug-could-let-hackers-steal.html