1092 matches found
Improper Input Validation
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
CVE-2021-37549
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient...
CVE-2021-37549
CVE-2021-37549 affects JetBrains YouTrack prior to version 2021.1.11111, where sandboxing in workflows was insufficient, enabling an elevation of privileges issue. The vulnerability is categorized as YouTrack – Insufficient sandboxing in workflows, with the Red Hat and CNVD entries confirming pri...
vulhub111
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...
Liferay Portal and Liferay DXP Licensing Issue Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
CVE-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
CVE-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
Code injection
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
Automate Malware Quarantining for Workloads
Leverage automated and programmable APIs to quickly secure and quarantine workloads without interrupting downstream workflows...
CVE-2021-37914
CVE-2021-37914 affects Argo Workflows (through 3.1.3). When EXPRESSION_TEMPLATES is enabled and untrusted users can specify input parameters for runs, an attacker can disrupt a workflow because expression template output is evaluated. The issue is tied to how template expressions are processed, e...
CVE-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
GHSA-RC7P-GMVH-XFX2 Attack on Kubernetes via Misconfigured Argo Workflows
Impact: Users running using the Argo Server with --auth-mode=server which is the default v3.0.0 AND have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining. Resolution: Do not expose your user interface to the Internet. Change...
Attack on Kubernetes via Misconfigured Argo Workflows
Impact: Users running using the Argo Server with --auth-mode=server which is the default v3.0.0 AND have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining. Resolution: Do not expose your user interface to the Internet. Change...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for vulnerability research and exploitation. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The primary purpose of this repository is to provide a platform for researchers and security...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in github.com/argoproj/argo-workflows...
Argo Input Validation Error Vulnerability
Argo is an open source container-native workflow engine. A security vulnerability exists in Argo Workflows 3.1.3 that could allow an attacker to corrupt a workflow if EXPRESSION_TEMPLATES is enabled and an untrusted user is allowed to specify input parameters when running the workflow...
PT-2021-21906
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.1.3 and earlier. Description: The issue arises when EXPRESSION_TEMPLATES is enabled and untrusted users can specify input parameters for workflows. This allows an attacker to potentially disrupt a workflow because the...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The repository contains a variety of applications and environments, including CouchDB, FFmpeg, Git...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and others. The repository is maintained by Vulhub, a community-driven project fo...
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes – to speed up processing time for compute-intensive jobs like machi...