Lucene search
K

6 matches found

OSV
OSV
added 2026/05/12 8:38 a.m.8 views

BIT-ARGO-WORKFLOWS-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References8
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.13 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from users with permission to create Workflows being able to bypass the...

8.1CVSS5.8AI score0.00424EPSS
Exploits2References1
OSV
OSV
added 2026/05/04 8:11 p.m.5 views

GHSA-3775-99MW-8RP4 Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...

8.1CVSS5.8AI score0.00424EPSS
Exploits2References8
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS5.9AI score0.00413EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/11 7:29 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the podSpecPatch when including a podSpecPatch field in their Workflow submission. An attacker can override security restrictions defined in approved templates by submitting a workflow that includes a crafted...

8.9CVSS6AI score0.00413EPSS
Exploits1References2
NVD
NVD
added 2026/03/11 4:16 p.m.7 views

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS0.00413EPSS
Exploits1References5
Rows per page
Query Builder