Home > Vulnerability Database > WS-2021-0352

Mend.io Vulnerability Database

WS-2021-0352

Date: August 19, 2025

Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by generating TLS Certificates on startup and only keep in memory. The Argo Server's keys are packaged within the image. They could be extracted and used to decrypt traffic, or forge requests.

Language: Go

Severity Score

3.0

Related Resources (3)

Url: https://github.com/argoproj/argo-workflows/commit/478d794693b3a965e3ba587da2c67e5e1effa418

Url: https://github.com/argoproj/argo-workflows/security/advisories/GHSA-6c73-2v8x-qpvm

Url: https://www.mend.io/vulnerability-database/WS-2021-0352

Severity Score

3.0

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0352

Date: August 19, 2025

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?