Home > Vulnerability Database > WS-2021-0351

Mend.io Vulnerability Database

WS-2021-0351

Good to know:

Date: August 24, 2021

Vulnerable versions of argo-workflows are 3.0.0 through 3.0.8, and 3.1.0 through 3.1.5. Fixed in versions 3.0.9 and 3.1.6 of argo-workflows by removing client private key from client auth REST config. The client's authentication will be ignored and the server's authentication will be used. This will result in privilege escalation to that of the server's account.

Language: Go

Severity Score

3.0

Related Resources (2)

Url: https://github.com/argoproj/argo-workflows/commit/96ee4d24285394b84ec52073226c01dadd205d4a

Url: https://www.mend.io/vulnerability-database/WS-2021-0351

Severity Score

3.0

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version v3.0.9,v3.1.6

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0351

Good to know:

Date: August 24, 2021

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?