The Application CRD outside configured namespace in Argo CD will be reconciled.
The following is how to reproduce the vulnerability:
apps-in-any-namespace
and sharding
features.Attacker can use Argo CD permission to deploy resources in Kubernetes.