Home > Vulnerability Database > WS-2021-0352

Mend.io Vulnerability Database

WS-2021-0352

Date: August 19, 2025

Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by generating TLS Certificates on startup and only keep in memory. The Argo Server's keys are packaged within the image. They could be extracted and used to decrypt traffic, or forge requests.

Language: Go

Severity Score

9.8

Related Resources (3)

Url: https://github.com/argoproj/argo-workflows/commit/478d794693b3a965e3ba587da2c67e5e1effa418

Url: https://github.com/argoproj/argo-workflows/security/advisories/GHSA-6c73-2v8x-qpvm

Url: https://www.mend.io/vulnerability-database/WS-2021-0352

Severity Score

9.8

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0352

Date: August 19, 2025

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?