📦 Argo Workflows

This vulnerability in Argo Workflows allows attackers to overwrite the argoexec file with malicious scripts via specially crafted archives containing symbolic links. When exploited, this leads to arbi...

Argo Workflows contains a Zip Slip path traversal vulnerability in artifact extraction that allows attackers to write arbitrary files outside the intended extraction directory. This can lead to system...

This vulnerability in Argo Workflows allows attackers to retrieve archived workflows without proper authentication. When using client or SSO authentication modes, attackers can bypass token validation...

This vulnerability in Argo Workflows allows authenticated attackers to create malicious workflows that generate HTML artifacts containing scripts. When victims open these artifacts, the scripts execut...

This stored cross-site scripting (XSS) vulnerability in Argo Workflows allows workflow authors to inject malicious JavaScript into artifact directory listings. When other users view these listings, th...

Argo Workflows versions before 3.6.12 and 3.7.0-3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. Attackers with pod log read permissions can steal these crede...