Vendor

Argo

3 briefs RSS

medium advisory

Argo CD Information Disclosure Vulnerability

2 rules 2 TTPs

A remote, authenticated attacker can exploit a vulnerability in Argo CD to disclose sensitive information.

argo cd argocd information-disclosure cloud

2r 2t May 6, 2026

high advisory

Argo Workflows Template Referencing Restriction Bypass

3 rules 2 TTPs 1 CVE

Argo Workflows has an incomplete fix for CVE-2026-31892, allowing bypass of templateReferencing restrictions to modify pod specifications, leading to potential privilege escalation and security context overrides.

argo-workflows kubernetes privilege-escalation defense-evasion

3r 2t 1c May 4, 2026

high advisory

Argo Workflows ConfigMap Sync Service Missing Authorization Vulnerability

2 rules 1 TTP

The Sync Service's ConfigMap-backed provider in Argo Workflows performs zero authorization checks on all CRUD operations, allowing any authenticated user to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits, potentially leading to denial of service, workflow disruption, information disclosure, or arbitrary ConfigMap manipulation in Argo Workflows versions v4.0.0 to v4.0.4.

argo-workflows/v4 argo-workflows kubernetes configmap authorization vulnerability

2r 1t May 3, 2024