This vulnerability (CWE-212) in Argo CD affects versions 3.2.0 up to but not including 3.2.11 and 3.3.0 up to but not including 3.3.9. The ServerSideDiff functionality improperly handles sensitive Kubernetes Secret data, allowing it to be read in cleartext. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicates network attack vector, low attack complexity, requires privileges, no user interaction, scope changed, and high confidentiality impact. The vendor has not yet provided an official fix or advisory details, and patch availability is unknown.

The vulnerability allows an attacker with some level of privileges to read sensitive Kubernetes Secret data in cleartext via the ServerSideDiff feature. This compromises confidentiality but does not affect integrity or availability of the system. The exposure of secret data could lead to further compromise depending on the secrets involved.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, limit access to Argo CD ServerSideDiff functionality to trusted users only and monitor for any suspicious activity involving secret data access. Avoid using vulnerable versions in sensitive environments if possible.