21 matches found

EUVD
added 14 hours ago | 3 views

EUVD-2026-34068

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

CVSS 9.1 | AI score 7.6
Exploits: 0 | References: 2

OSV
added 2026/05/12 8:38 a.m. | 3 views

BIT-ARGO-WORKFLOWS-2026-42295 Argo Workflows: Exposure of artifact repository credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 3

Positive Technologies
added 2026/05/12 12:0 a.m. | 3 views

PT-2026-40271

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 4

NVD
added 2026/05/09 4:16 a.m. | 6 views

CVE-2026-42295

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | EPSS 0.00042
Exploits: 1 | References: 2

Cvelist
added 2026/05/09 3:48 a.m. | 31 views

CVE-2026-42295 Argo Workflows: Exposure of artifact repository credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | EPSS 0.00042
Exploits: 1 | References: 2

CVE
added 2026/05/09 3:48 a.m. | 6 views

CVE-2026-42295

Affected product/version: Argo Workflows up to 4.0.4 (before 4.0.5). Vulnerability: The workflow executor logs all artifact repository credentials (S3 keys, GCS keys, Azure keys, Git passwords, etc.) in plaintext during artifact operations. This allows any user with read access to workflow pod lo...

CVSS 8.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/05/09 3:48 a.m. | 5 views

EUVD-2026-28893

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 2

ATTACKERKB
added 2026/05/09 3:48 a.m. | 5 views

CVE-2026-42295

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/05/04 8:12 p.m. | 2 views

Argo vulnerable to exposure of artifact repository credentials

Summary: The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

CVSS 8.5 | AI score 7.3 | EPSS 0.00042
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2026/05/04 8:12 p.m. | 1 view

GHSA-7VF8-2CR6-54MF Argo vulnerable to exposure of artifact repository credentials

Summary: The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

CVSS 8.5 | AI score 5.8 | EPSS 0.00042
Exploits: 1 | References: 7

Positive Technologies
added 2026/05/04 12:0 a.m. | 3 views

PT-2026-37193

Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 4.0.0 through 4.0.4. Description: The workflow executor logs artifact repository credentials in plaintext during artifact operations. This occurs because the logging driver passes the entire ArtifactDriver struct to the...

CVSS 8.5 | AI score 5.8 | EPSS 0.00042
Exploits: 1 | References: 13

Snyk
added 2026/04/22 5:6 p.m. | 2 views

Unsafe Dependency Resolution

Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation: Upgrade...

CVSS 9.3 | AI score 5.5 | EPSS 0.00047
Exploits: 0 | References: 2

Veracode
added 2025/12/02 9:58 a.m. | 2 views

Information Disclosure

github.com/argoproj/argo-workflows is vulnerable to Information Disclosure. The vulnerability is due to artifact repository credentials being logged in plaintext within the workflow-controller pod logs, which allows an attacker with permission to read pod logs to obtain these credentials and...

CVSS 8.5 | AI score 6.7 | EPSS 0.00014
Exploits: 0 | References: 4 | Affected Software: 1

SUSE CVE
added 2025/11/09 12:23 a.m. | 1 view

SUSE CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

CVSS 6.5 | AI score 6.7 | EPSS 0.00014
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/15 8:47 p.m. | 5 views

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

CVSS 8.5 | AI score 6.1 | EPSS 0.00014
Exploits: 0 | References: 6

EUVD
added 2025/10/14 6:43 p.m. | 1 view

EUVD-2025-34250

Argo Workflow may expose artifact repository credentials...

CVSS 8.5 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 4

NVD
added 2025/10/14 3:16 p.m. | 3 views

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

CVSS 8.5 | EPSS 0.00014
Exploits: 0 | References: 3

OSV
added 2025/10/14 3:6 p.m. | 1 view

CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

CVSS 8.5 | AI score 6.7 | EPSS 0.00014
Exploits: 0 | References: 5

CVE
added 2025/10/14 3:6 p.m. | 4 views

CVE-2025-62157

CVE-2025-62157 affects Argo Workflows. Vulnerable in versions prior to 3.6.12 and 3.7.0–3.7.2, where artifact repository credentials are exposed in plaintext in workflow-controller logs. An attacker with pod-log access in a namespace running Argo Workflows can read these credentials. Remediation:...

CVSS 8.5 | AI score 6.3 | EPSS 0.00014
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/10/14 3:6 p.m. | 1 view

CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

CVSS 8.5 | AI score 6.3 | EPSS 0.00014
Exploits: 0 | References: 3