1096 matches found
GO-2024-3303 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows
Argo Workflows Allows Access to Archived Workflows with Fake Token in client mode in github.com/argoproj/argo-workflows...
CVE-2024-53862
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...
CVE-2024-53862 vulnerabilities
Vulnerabilities for packages: argo-workflows, argo-workflows-fips...
CVE-2024-53862 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...
CVE-2024-53862
CVE-2024-53862 affects Argo Workflows (Kubernetes) where, in --auth-mode=client, archived workflows could be retrieved with a fake token due to a missing auth check, and in --auth-mode=sso all archived workflows could be retrieved with a valid token. The vaulting component that should validate to...
Argo Workflows Security Vulnerability
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows 3.5.7 and earlier versions, which stems from an accidental removal of privilege checks when accessing the GET Workflow endpoint for archived...
PT-2024-35960
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.5.7 through 3.5.8 Description: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, archived workflows can be retrieved with ...
How Is API Abuse Different from Web Application Attacks by Bots?
API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...
Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz
Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments...
CVE-2024-52799
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those...
CVE-2024-52799
Argo Workflows Chart (Helm) prior to 0.44.0 has a vulnerable workflow-role with excessive privileges, including create pods/exec, enabling kubectl exec into any Pod in the same namespace and potentially arbitrary code execution if a user runs a malicious template. Affected charts are those using ...
CVE-2024-52799 Argo Workflows Chart: Excessive Privileges in Workflow Role
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those...
Argo Workflows Security Vulnerability
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows versions prior to 0.44.0, which stems from the workflow-role having excessive privileges, which can lead to the execution of arbitrary code...
PT-2024-35450 · Unknown · Argo Workflows Chart
Name of the Vulnerable Software and Affected Versions: Argo Workflows Chart versions prior to 0.44.0 Description: The workflow-role in the Argo Workflows Chart has excessive privileges, including the ability to create pods/exec, which allows for arbitrary code execution within pods in the same...
Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform
Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate ou...