Vulnerability Database
296,663
Total vulnerabilities in the database
CVE-2025-62157
Summary
An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository.
Details
An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal, delete or modify the data that resides there. The workflow-controller logs show the credentials in plaintext.
<img width="1366" alt="screen" src="https://github.com/user-attachments/assets/5642b2be-edcf-4050-bf47-747d05352698" />
Impact
An attacker with access to pod logs in the argo namespace can extract plaintext credentials from the workflow-controller logs and gain access to the artifact repository. This can lead to:
- Data exfiltration – theft of sensitive or proprietary artifacts
- Data tampering – modification of workflows or artifacts
- Data destruction – deletion of stored artifacts, leading to potential loss of critical data or pipeline failure
| Software | From | Fixed in |
|---|---|---|
github.com/argoproj/argo-workflows/v3
|
3.7.0 | 3.7.3 |
|
github.com/argoproj/argo-workflows/v3
|
- | 3.6.12 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime