
We found results for “”
WS-2021-0351
Date: August 19, 2025
Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by removing client private key from client auth REST config. The client's authentication will be ignored and the server's authentication will be used. This will result in privilege escalation to that of the server's account.
Language: Go
Severity Score
Severity Score
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |