{"id":"GO-2024-3303","summary":"Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows","details":"Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows","aliases":["BIT-argo-workflows-2024-53862","CVE-2024-53862","GHSA-h36c-m3rf-34h9"],"modified":"2026-02-04T02:38:50.332427Z","published":"2024-12-02T20:06:38Z","related":["CGA-6wrf-mhcq-w6gf"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3303","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53862"},{"type":"FIX","url":"https://github.com/argoproj/argo-workflows/pull/13021/files#diff-a5b255abaceddc9cc20bf6da6ae92c3a5d3605d94366af503ed754c079a1171aL668-R715"},{"type":"WEB","url":"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-h36c-m3rf-34h9"}],"affected":[{"package":{"name":"github.com/argoproj/argo-workflows","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-workflows"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3303.json"}},{"package":{"name":"github.com/argoproj/argo-workflows/v2","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-workflows/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3303.json"}},{"package":{"name":"github.com/argoproj/argo-workflows/v3","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-workflows/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.5.7"},{"fixed":"3.5.13"},{"introduced":"3.6.0-rc1"},{"fixed":"3.6.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3303.json"}}],"schema_version":"1.7.3"}