Lucene search
K

1131 matches found

OSV
OSV
added 2026/03/11 7:29 p.m.5 views

GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

8.9CVSS5.8AI score0.00413EPSS
Exploits1References3
Chainguard
Chainguard
added 2026/03/11 7:17 p.m.7 views

CVE-2022-29164 vulnerabilities

Vulnerabilities for packages: argo-workflows-fips, argo-workflows...

7.1CVSS7AI score0.0086EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/11 7:17 p.m.5 views

GHSA-CMV8-6362-R5W9 vulnerabilities

Vulnerabilities for packages: argo-workflows-fips, argo-workflows...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/11 4:16 p.m.5 views

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS0.00413EPSS
Exploits1References5
NVD
NVD
added 2026/03/11 4:16 p.m.3 views

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS0.00652EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/11 3:41 p.m.5 views

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

8.9CVSS5.8AI score0.00413EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/11 3:41 p.m.5 views

CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

8.9CVSS5.8AI score0.00413EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/11 3:41 p.m.31 views

CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

8.9CVSS0.00413EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/11 3:41 p.m.6 views

CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

8.9CVSS5.8AI score0.00413EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 3:41 p.m.19 views

CVE-2026-31892

CVE-2026-31892 affects Argo Workflows (open-source Kubernetes workflow engine). A user who can submit a Workflow can bypass security settings defined in a referenced WorkflowTemplate by submitting a podSpecPatch in the Workflow, taking precedence during spec merging and applying to the pod with n...

9.9CVSS5.8AI score0.00413EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 3:37 p.m.1 views

CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References1
OSV
OSV
added 2026/03/11 3:37 p.m.4 views

CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 3:37 p.m.2 views

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 3:37 p.m.27 views

CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS0.00652EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 3:37 p.m.26 views

CVE-2026-28229

Argo Workflows (open source container-native workflow engine for Kubernetes) is affected prior to version 4.0.2 and 3.7.11. The vulnerability affects the WorkflowTemplates and ClusterWorkflowTemplates endpoints, allowing any client with an Authorization: Bearer nothing token to retrieve sensitive...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/11 2:49 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the workflowtemplateserver and clusterworkflowtemplateserver components. An attacker can obtain sensitive information, such as embedded secrets and resource manifests, by sending unauthorized requests with a...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/11 2:49 p.m.5 views

EUVD-2026-11196

Unauthorized access to Argo Workflows Template...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/11 2:49 p.m.7 views

Unauthorized access to Argo Workflows Template

Summary Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. Details...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References6Affected Software2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to bypass all security settings in the...

8.9CVSS7.3AI score0.00413EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24701

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 2.9.0 through 4.0.1 Argo Workflows version 3.7.11 Description Argo Workflows is a container-native workflow engine for Kubernetes. A user who can submit Workflows can bypass security settings defined in a WorkflowTempla...

9.1CVSS7.1AI score0.00505EPSS
Exploits10References139
Rows per page
Query Builder