CNNVD-202510-1986 Information

Oct 14, 2025 cve

CNNVD ID

CNNVD-202510-1986

CVE-2025-62157

CNNVD Published: 2025-10-14

Description (Chinese)

Argo Workflows是Argo项目的一个用于 Kubernetes 的开源容器原生工作流引擎。 Argo Workflows 3.6.12之前版本和3.7.0版本至3.7.2版本存在安全漏洞，该漏洞源于workflow-controller pod日志中以明文形式暴露工件库凭据，可能导致凭据泄露。

Description (English)

Argo Workflows is a primary workflow engine for open-source containers for Kubernetes in the Argo project. Prior to Argón Workflows 3.6.12 and from 3.7.0 to 3.7.2, there was a security loophole, which originated from the explicit disclosure of documents in the workflow-controller pod log, which could lead to their disclosure.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Argo

Published

2025-10-14

Last Modified

2026-02-24

References

https://github.com/argoproj/argo-workflows/commit/18ad5138b6bcb2aba04e00b4ec657bc6b8fad8df https://github.com/argoproj/argo-workflows/commit/bded09fe4abd37cb98d7fc81b4c14a6f5034e9ab https://github.com/argoproj/argo-workflows/security/advisories/GHSA-c2hv-4pfj-mm2r

Patch

https://argoproj.github.io/

Share on: