4.6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.3%
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.
As the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):
Notes:
We have seen no evidence of this in the wild. While the impact is high, it is very hard to exploit.
We urge all users to upgrade to the fixed versions. Disabling the Argo Server is the only known workaround. Note version 2.12 has been out of support for sometime. No fix is currently planned.
4.6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.3%