Tag

Configmap

1 brief RSS

Argo Workflows ConfigMap Sync Service Missing Authorization Vulnerability

The Sync Service's ConfigMap-backed provider in Argo Workflows performs zero authorization checks on all CRUD operations, allowing any authenticated user to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits, potentially leading to denial of service, workflow disruption, information disclosure, or arbitrary ConfigMap manipulation in Argo Workflows versions v4.0.0 to v4.0.4.

argo-workflows/v4 argo-workflows kubernetes configmap authorization vulnerability

2r 1t May 3, 2024