Argoproj

Argo Workflows

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-31892

Exploit
  • EPSS 0.04%
  • Veröffentlicht 11.03.2026 15:41:14
  • Zuletzt bearbeitet 17.03.2026 19:17:55

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowT...

7.5

CVE-2026-28229

Exploit
  • EPSS 0.04%
  • Veröffentlicht 11.03.2026 15:37:47
  • Zuletzt bearbeitet 20.03.2026 14:27:59

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). An...

5.4

CVE-2026-23960

Exploit
  • EPSS 0.05%
  • Veröffentlicht 21.01.2026 22:15:50
  • Zuletzt bearbeitet 17.02.2026 16:56:21

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScri...

7.5

CVE-2025-66626

Exploit
  • EPSS 0.09%
  • Veröffentlicht 09.12.2025 20:19:14
  • Zuletzt bearbeitet 19.12.2025 19:14:03

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely...

6.5

CVE-2025-62157

  • EPSS 0.03%
  • Veröffentlicht 14.10.2025 15:16:12
  • Zuletzt bearbeitet 06.02.2026 20:49:29

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-...

8.8

CVE-2025-62156

Exploit
  • EPSS 0.13%
  • Veröffentlicht 14.10.2025 14:52:44
  • Zuletzt bearbeitet 06.02.2026 20:49:29

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During ...

7.5

CVE-2024-53862

Exploit
  • EPSS 0.24%
  • Veröffentlicht 02.12.2024 16:15:14
  • Zuletzt bearbeitet 06.02.2026 20:49:29

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1...

4.8

CVE-2024-47827

  • EPSS 0.15%
  • Veröffentlicht 28.10.2024 16:15:03
  • Zuletzt bearbeitet 06.02.2026 20:49:29

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with...

7.1

CVE-2022-29164

  • EPSS 0.33%
  • Veröffentlicht 06.05.2022 00:15:07
  • Zuletzt bearbeitet 06.02.2026 20:49:29

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script whic...

6.5

CVE-2021-37914

Exploit
  • EPSS 0.27%
  • Veröffentlicht 03.08.2021 00:15:08
  • Zuletzt bearbeitet 13.02.2026 21:46:43

In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated.