Lucene search
K

4 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5751 Argo has Missing Authorization in its Sync ConfigMap Provider in github.com/argoproj/argo-workflows

Argo has Missing Authorization in its Sync ConfigMap Provider in github.com/argoproj/argo-workflows...

8.5CVSS5.8AI score0.00515EPSS
Exploits1References4
OSV
OSV
added 2026/05/12 8:38 a.m.7 views

BIT-ARGO-WORKFLOWS-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

8.5CVSS5.7AI score0.00515EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/09 3:42 a.m.6 views

CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

8.5CVSS5.7AI score0.00515EPSS
Exploits1References3
CVE
CVE
added 2026/05/09 3:42 a.m.29 views

CVE-2026-42297

CVE-2026-42297 concerns Argo Workflows, where the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) allows zero authorization checks on all CRUD operations. From 4.0.0 up to just before 4.0.5, any authenticated user (including fake Bearer tokens) could create, read, update, or del...

8.5CVSS5.7AI score0.00515EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder