Argo has Missing Authorization in its Sync ConfigMap Provider
Summary: The Sync Service's ConfigMap-backed provider (server/sync/synccm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps...
PT-2026-37195
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 4.0.0 through 4.0.4. Description: The Sync Service's ConfigMap-backed provider in server/sync/synccm.go lacks authorization checks for all create, read, update, and delete (CRUD) operations. This allows any authenticated...
Access to Archived Argo Workflows with Fake Token in `client` mode
Summary: When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint /api/v1/workflows/namespace/name. When using --auth-mode=sso, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint:...
GO-2024-3303 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows
Argo Workflows Allows Access to Archived Workflows with Fake Token in client mode in github.com/argoproj/argo-workflows...
CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...
CVE-2024-53862
CVE-2024-53862 affects Argo Workflows (Kubernetes) where, in --auth-mode=client, archived workflows could be retrieved with a fake token due to a missing auth check, and in --auth-mode=sso all archived workflows could be retrieved with a valid token. The vaulting component that should validate to...
Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions
By Deeba Ahmed. Check Point Research reports a new million-dollar rug pull scam with a fake token factory. This is a post from HackRead.com. Read the original post: Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions...
USE SAME SYMBOL CAN GET FAKED PRICE OF TOKEN
Lines of code / Vulnerability details / Impact: It compares the symbol to identify the token, which can be exploited to produce a fake token price. Proof of Concept: An attacker can create a token that looks like a cToken and has the symbol cNOTE. When somebody calls the comptroller's liquidateCalculateSeizeTokens, it will give ...
Manager is able to use swapData.dexTxData to Perform Reentrancy
Lines of code / Vulnerability details / Impact: Reentrancy here allows a manager to perform multiple operations on a given pool beyond the max limit. Proof of Concept: A Manager, using swapData.dexTxData, can reenter MIMO actions performed on the vault he is managing. The manager deploys a FAKE token a...
Uniswap V3 LPs Lose Millions in Fake Token Phishing Attack
By Deeba Ahmed. Binance CEO Changpeng Zhao (CZ) said in a Tweet that their intel unit identified an exploit on Uniswap… This is a post from HackRead.com. Read the original post: Uniswap V3 LPs Lose Millions in Fake Token Phishing Attack...
Strategy can steal all the funds in ERC20Vault by rebalancing with a fake token in path
Handle: WatchPug. Vulnerability details / PoC: Given a pool with 100 ETH and 40,000 USDC, a malicious or compromised Strategy can do the following: 1. Create a FAKE token, and add liquidity to ETH/FAKE and FAKE/USDC, making the price of ETH/FAKE 1 ETH per FAKE and the price of FAKE/USDC 0.01...