#VU126898 Missing Authorization in Argo Workflows - CVE-2024-53862

 

Published: December 2, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU126898
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-53862
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Argo Workflows
Software vendor: Argo

Description

The vulnerability allows a remote attacker to disclose sensitive workflow information.

The vulnerability exists due to missing authorization in the GET Workflow endpoint's fallback to archived workflows, which is used when handling requests to retrieve archived workflows in client or sso mode. A remote attacker can send a request with a spoofed or otherwise unauthorized token to disclose sensitive workflow information.

Only deployments with workflow archiving enabled are affected.
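
The flaw class described above (CWE-862 on a fallback path), shown as an added Go illustration that is not Argo Workflows code: a toy server whose lookup falls back to an archive store, once without and once with the authorization decision carried over. All type, function and token names, and the sample data, are hypothetical.

```go
package main

import "errors"
import "fmt"

var ErrDenied, ErrNotFound = errors.New("permission denied"), errors.New("not found")

// Server is a toy model; every name here is hypothetical, not Argo's API.
type Server struct {
	live, archive map[string]string          // "namespace/name" -> workflow body
	allowed       map[string]map[string]bool // token -> namespaces it may read
}

func lookup(m map[string]string, ns, name string) (string, error) {
	if wf, ok := m[ns+"/"+name]; ok {
		return wf, nil
	}
	return "", ErrNotFound
}

func (s *Server) getLive(token, ns, name string) (string, error) {
	if !s.allowed[token][ns] {
		return "", ErrDenied
	}
	return lookup(s.live, ns, name)
}

// GetFlawed treats every live-lookup error, including ErrDenied, as "try the archive".
func (s *Server) GetFlawed(token, ns, name string) (string, error) {
	if wf, err := s.getLive(token, ns, name); err == nil {
		return wf, nil
	}
	return lookup(s.archive, ns, name) // no authorization on this path
}

// GetChecked falls back only on ErrNotFound, which implies authorization passed.
func (s *Server) GetChecked(token, ns, name string) (string, error) {
	wf, err := s.getLive(token, ns, name)
	if errors.Is(err, ErrNotFound) {
		return lookup(s.archive, ns, name)
	}
	return wf, err
}

func sample() *Server { // constructed sample data
	return &Server{live: map[string]string{"team-a/running": "live-spec"}, archive: map[string]string{"team-a/old-build": "archived-spec", "team-b/secret": "other-spec"}, allowed: map[string]map[string]bool{"tok-a": {"team-a": true}}}
}

func main() { fmt.Println(sample().GetFlawed("bogus", "team-a", "old-build")) }
```

A regression test for this kind of fix should request an archived object with an unknown token and with a token scoped to another namespace, and expect a permission error in both cases.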


Remediation

Install the security update from the vendor's website.

External links