Home > Vulnerability Database > WS-2021-0351

Mend.io Vulnerability Database

WS-2021-0351

Date: August 19, 2025

Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by removing client private key from client auth REST config. The client's authentication will be ignored and the server's authentication will be used. This will result in privilege escalation to that of the server's account.

Language: Go

Severity Score

3.0

Related Resources (3)

Url: https://github.com/argoproj/argo-workflows/commit/96ee4d24285394b84ec52073226c01dadd205d4a

Url: https://github.com/argoproj/argo-workflows/security/advisories/GHSA-prqf-xr2j-xf65

Url: https://www.mend.io/vulnerability-database/WS-2021-0351

Severity Score

3.0

Weakness Type (CWE)

Improper Authorization

CWE-285

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0351

Date: August 19, 2025

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?