SB2024120237 - Missing Authorization in Argo Workflows



SB2024120237 - Missing Authorization in Argo Workflows

Published: December 2, 2024 Updated: April 23, 2026

Security Bulletin ID SB2024120237
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Missing Authorization (CVE-ID: CVE-2024-53862)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive workflow information.

The vulnerability exists due to missing authorization in the GET Workflow endpoint fallback to archived workflows when handling requests to retrieve archived workflows in client or sso mode. A remote attacker can send a request with a spoofed or otherwise unauthorized token to disclose sensitive workflow information.

Only deployments with workflow archiving enabled are affected.


Remediation

Install update from vendor's website.