1063 matches found

RustSec
added 2024/12/04 12:0 p.m., 5 views

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the `PYO3_CONFIG_FILE` environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

7.1 AI score
Exploits: 0, Affected Software: 1

Vulnrichment
added 2024/12/04 12:0 a.m., 14 views

CVE-2024-54675

app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow...

6 AI score, 0.00243 EPSS
Exploits: 0, References: 1

CVE
added 2024/12/04 12:0 a.m., 57 views

CVE-2024-54675

CVE-2024-54675 affects MISP up to version 2.5.2, with a stored cross-site scripting (XSS) flaw in the editor interface (app/webroot/js/workflows-editor/workflows-editor.js) used for ad-hoc workflows. The root cause is a stored XSS vulnerability in the editor that can impact users who load the aff...

6.1 CVSS, 6 AI score, 0.00243 EPSS
Exploits: 0, References: 1

Chainguard
added 2024/12/02 10:17 p.m., 5 views

GHSA-H36C-M3RF-34H9 vulnerabilities

Vulnerabilities for packages: argo-workflows-fips, argo-workflows...

5.8 AI score
Exploits: 0

OSV
added 2024/12/02 10:17 p.m., 16 views

GHSA-H36C-M3RF-34H9 Access to Archived Argo Workflows with Fake Token in `client` mode

Summary When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name When using --auth-mode=sso, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint:...

6.3 CVSS, 5.3 AI score, 0.00638 EPSS
Exploits: 1, References: 4

Wolfi
added 2024/12/02 10:17 p.m., 5 views

GHSA-H36C-M3RF-34H9 vulnerabilities

Vulnerabilities for packages: argo-workflows...

7.5 AI score
Exploits: 0

RedhatCVE
added 2024/12/02 8:50 p.m., 19 views

CVE-2024-53862

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

5.3 CVSS, 6.8 AI score, 0.00638 EPSS
Exploits: 1, References: 5

OSV
added 2024/12/02 8:6 p.m., 22 views

GO-2024-3303 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows

Argo Workflows Allows Access to Archived Workflows with Fake Token in client mode in github.com/argoproj/argo-workflows...

7.5 CVSS, 5.1 AI score, 0.00638 EPSS
Exploits: 1, References: 3

NVD
added 2024/12/02 4:15 p.m., 23 views

CVE-2024-53862

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

7.5 CVSS, 0.00638 EPSS
Exploits: 1, References: 2

Chainguard
added 2024/12/02 4:15 p.m., 13 views

CVE-2024-53862 vulnerabilities

Vulnerabilities for packages: argo-workflows-fips, argo-workflows...

7.5 CVSS, 6 AI score, 0.00638 EPSS
Exploits: 1

Wolfi
added 2024/12/02 4:15 p.m., 23 views

CVE-2024-53862 vulnerabilities

Vulnerabilities for packages: argo-workflows...

7.5 CVSS, 7.2 AI score, 0.00638 EPSS
Exploits: 1

Cvelist
added 2024/12/02 4:8 p.m., 23 views

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

6.3 CVSS, 0.00638 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2024/12/02 4:8 p.m., 17 views

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

6.3 CVSS, 7 AI score, 0.00638 EPSS
Exploits: 1, References: 2

OSV
added 2024/12/02 4:8 p.m., 4 views

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

6.3 CVSS, 7 AI score, 0.00638 EPSS
Exploits: 1, References: 4

CVE
added 2024/12/02 4:8 p.m., 3839 views

CVE-2024-53862

CVE-2024-53862 affects Argo Workflows (Kubernetes) where, in --auth-mode=client, archived workflows could be retrieved with a fake token due to a missing auth check, and in --auth-mode=sso all archived workflows could be retrieved with a valid token. The vaulting component that should validate to...

7.5 CVSS, 6.7 AI score, 0.00638 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2024/12/02 12:0 a.m., 3 views

Argo Workflows Security Vulnerability

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows 3.5.7 and earlier versions, which stems from an accidental removal of privilege checks when accessing the GET Workflow endpoint for archived...

7.5 CVSS, 5.5 AI score, 0.00638 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2024/12/02 12:0 a.m., 3 views

PT-2024-35960

Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.5.7 through 3.5.8 Description: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, archived workflows can be retrieved with ...

8.1 CVSS, 7.4 AI score, 0.03001 EPSS
Exploits: 3, References: 35

Wallarm Lab
added 2024/11/27 1:6 p.m., 12 views

How Is API Abuse Different from Web Application Attacks by Bots?

API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...

7.7 AI score
Exploits: 0

Wiz blog
added 2024/11/26 12:0 p.m., 8 views

Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz

Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments...

7.3 AI score
Exploits: 0

NVD
added 2024/11/21 5:15 p.m., 10 views

CVE-2024-52799

Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those...

8.2 CVSS, 0.00212 EPSS
Exploits: 0, References: 2