EUVD-2024-3475

Malicious code in bioql PyPI...

SUSE CVE-2024-53862

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

CVE-2024-53862

CVE-2024-53862 affects Argo Workflows (Kubernetes) where, in --auth-mode=client, archived workflows could be retrieved with a fake token due to a missing auth check, and in --auth-mode=sso all archived workflows could be retrieved with a valid token. The vaulting component that should validate to...

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

Argo Workflows 安全漏洞

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows 3.5.7 and earlier versions, which stems from an accidental removal of privilege checks when accessing the GET Workflow endpoint for archived...