Fluid Attacks Database

Description

Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with --auth-mode=client in github.com/argoproj/argo-workflows Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with --auth-mode=client in github.com/argoproj/argo-workflows

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/argoproj/argo-workflows/v2	-	-
go	github.com/argoproj/argo-workflows	-	-
go	github.com/argoproj/argo-workflows/v3	>=3.0.0 <3.0.9 \|\| >=3.1.0 <3.1.6	3.0.9, 3.1.6

Aliases

1. OSV-GO-2022-04052. GHSA-prqf-xr2j-xf653. GCVE-GHSA-prqf-xr2j-xf654. GHSA-prqf-xr2j-xf65

References

1. https://github.com/argoproj/argo-workflows/security/advisories/GHSA-prqf-xr2j-xf65

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.