Home > Vulnerability Database > WS-2021-0352

Mend.io Vulnerability Database

WS-2021-0352

Good to know:

Date: August 24, 2021

Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by generating TLS Certificates on startup and only keep in memory. The Argo Server's keys are packaged within the image. They could be extracted and used to decrypt traffic, or forge requests.

Language: Go

Severity Score

3.0

Related Resources (2)

Url: https://github.com/argoproj/argo-workflows/commit/478d794693b3a965e3ba587da2c67e5e1effa418

Url: https://www.mend.io/vulnerability-database/WS-2021-0352

Severity Score

3.0

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

Upgrade Version

Upgrade to version v3.0.9,v3.1.6

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0352

Good to know:

Date: August 24, 2021

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?