1092 matches found

CNVD
added 2022/08/19 12:0 a.m. | 38 views

Apache Airflow Remote Code Execution Vulnerability (CNVD-2022-59057)

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. A remote code execution vulnerability exists in versions of Apache Airflow prior to 3.0.0. The vulnerability stems from th...

8.8 CVSS | 2.6 AI score | 0.01602 EPSS
Exploits 0 | References 1

Microsoft Malware Protection
added 2022/07/20 4:0 p.m. | 10 views

How Microsoft Purview and Priva support the partner ecosystem

Today, many enterprise organizations are multicloud and multiplatform. Critical enterprise data is located across clouds and platforms, requiring security and compliance no matter where it lives. To solve the complexity that comes with these environments, organizations have invested in multiple...

0.9 AI score
Exploits 0

Github Security Blog
added 2022/05/23 8:16 p.m. | 40 views

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker...

7.1 CVSS | 6.9 AI score | 0.00842 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2022/05/23 8:16 p.m. | 19 views

GHSA-CMV8-6362-R5W9 Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker...

7.1 CVSS | 6.9 AI score | 0.00842 EPSS
Exploits 0 | References 5

GitLab Advisory Database
added 2022/05/23 12:0 a.m. | 20 views

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

7.1 CVSS | 2.7 AI score | 0.00842 EPSS
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2022/05/09 3:58 a.m. | 23 views

Privilege Escalation

github.com/argoproj/argo-workflows is vulnerable to privilege escalation. An attacker can create a workflow through the newHTTPServer function of argoserver.go that produces an HTML artifact and makes XRL calls to the Argo Server API by using a script, allowing the attacker to send malicious emai...

7.1 CVSS | 2 AI score | 0.00842 EPSS
Exploits 0 | References 5 | Affected Software 1

NVD
added 2022/05/06 12:15 a.m. | 17 views

CVE-2022-29164

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

7.1 CVSS | 0.00842 EPSS
Exploits 0 | References 3

Prion
added 2022/05/06 12:15 a.m. | 16 views

Hardcoded credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

4.6 CVSS | 6.6 AI score | 0.00842 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2022/05/06 12:0 a.m. | 4 views

Argo Workflows Security Vulnerability

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Cloud Native Computing Foundation. A security vulnerability exists in Argo Workflows. An attacker can trick a victim into creating or deleting workflows through deception...

7.1 CVSS | 7.1 AI score | 0.00842 EPSS
Exploits 0 | References 4

CVE
added 2022/05/05 11:15 p.m. | 620 views

CVE-2022-29164

Affected software: Argo Workflows (Kubernetes) Vulnerability summary: An attacker can craft a HTML artifact in a workflow that contains a script using XHR to interact with the Argo Server API. The attacker emails a link to the deep-link artifact; when opened by a victim, the script executes with ...

7.1 CVSS | 6.5 AI score | 0.00842 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/05/05 11:15 p.m. | 29 views

CVE-2022-29164 Privilege Escalation in argo-workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

7.1 CVSS | 6.8 AI score | 0.00842 EPSS
Exploits 0 | References 3

Vulnrichment
added 2022/05/05 11:15 p.m. | 7 views

CVE-2022-29164 Privilege Escalation in argo-workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

7.1 CVSS | 6.6 AI score | 0.00842 EPSS
Exploits 0 | References 3

OSV
added 2022/05/05 11:15 p.m. | 17 views

CVE-2022-29164 Privilege Escalation in argo-workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...

7.1 CVSS | 6.5 AI score | 0.00842 EPSS
Exploits 0 | References 5

Gitee
added 2022/05/05 2:36 p.m. | 3 views

nuclei-templates

This repository is an offensive tool for nuclei templates. It is a community-driven collection of templates for the nuclei engine to find security vulnerabilities in applications. The repository contains various templates, including CVEs, and is maintained by the projectdiscovery team. The...

7.1 AI score
Exploits 0

Positive Technologies
added 2022/05/05 12:0 a.m. | 3 views

PT-2022-19423

Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to the fixed version Description Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions, an attacker can create a workflow that produc...

7.1 CVSS | 6.8 AI score | 0.00842 EPSS
Exploits 0 | References 12

Gitee
added 2022/04/18 5:23 p.m. | 5 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications, each designed to demonstrate a specific web application security vulnerability. The repository includes various web applications, such as CouchDB, Git, and...

7.1 AI score
Exploits 0

Hacker One
added 2022/03/24 5:11 p.m. | 17 views

Shopify: Staff can create workflows in Shopify Admin without apps permission

Summary: add summary of the vulnerability According to publicly available docs, Flow can be accessed in two ways. 1. through the Shopify organization admin Shopify plus 2. by installing the Shopify Flow app. I stumbled on /admin/internal/web/graphql/flow endpoint which is accessible to a staff...

0.1 AI score
Exploits 0

vulnersOsv
added 2022/03/15 1:56 p.m. | 4 views

ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +211 more potentially affected by CVE-2022-21230 via org.nanohttpd:nanohttpd (>=2.2.0 <=2.3.1)

org.nanohttpd:nanohttpd MAVEN version =2.2.0, =3.32.1.1, =3.30.0.2, =3.34.0.3, =1.0.0, =1.0.0, =1.0.0, =3.8, =1.0, =1.1, =0.2.22, =0.2.22, =0.4.15 and more Source cves: CVE-2022-21230 Source advisory: SNYK:JAVA-ORGNANOHTTPD-2422798...

5.5 CVSS | 6 AI score | 0.00289 EPSS
Exploits 0

Qualys Blog
added 2022/02/15 10:47 a.m. | 28 views

The Unbearable Lightness of Unaudited Supply Chains

An acute need expressed by a majority of CISOs at a roundtable in Italy sparks an idea to use one of our lesser-known compliance apps to manage supply chain security assurance efforts. In the 1984 novel The Unbearable Lightness of Being, author Milan Kundera ponders the fleeting nature of man’s...

6.7 AI score
Exploits 0

Qualys Blog
added 2022/02/01 1:30 p.m. | 27 views

Vulnerability Remediation: It’s Not Just Patching

Vulnerability does not equal a patch, as such remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...

0.5 AI score
Exploits 0