
We found results for “”
WS-2021-0352
Date: August 19, 2025
Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by generating TLS Certificates on startup and only keep in memory. The Argo Server's keys are packaged within the image. They could be extracted and used to decrypt traffic, or forge requests.
Language: Go
Severity Score
Severity Score
Weakness Type (CWE)
Cleartext Transmission of Sensitive Information
CWE-319CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |