7.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-29164

GHSA ID

GHSA-cmv8-6362-r5w9

EPSS Score

0.55662%

CWE

CWE-269

Published

5/23/2022

Updated

1/27/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29164

CVE-2022-29164: Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.

The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.
The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.

As the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):

Read information about the victim’s workflows.
Create or delete workflows.

Notes:

The attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows.
The attacker must have an understanding of the victim’s system. They won’t be able to repeatedly probe due to the social engineering aspect.
The attacker is likely leave an audit trail.

We have seen no evidence of this in the wild. While the impact is high, it is very hard to exploit.

We urge all users to upgrade to the fixed versions. Disabling the Argo Server is the only known workaround. Note version 2.12 has been out of support for sometime. No fix is currently planned.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-29164

CVE-2022-29164:

7.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-29164

GHSA ID

GHSA-cmv8-6362-r5w9

EPSS Score

0.55662%

CWE

CWE-269

Published

5/23/2022

Updated

1/27/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/argoproj/argo-workflows/v3	go	>= 2.6.0, < 3.2.11	3.2.11
github.com/argoproj/argo-workflows/v3	go	>= 3.3.0, < 3.3.5	3.3.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from HTML artifacts being served without proper security headers. The fix in commit 87470e1 added CSP headers in the returnArtifact function to prevent script execution. This function was directly responsible for serving artifact content, and the lack of CSP headers prior to the patch made it the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-29164: Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

CVE-2022-29164:

7.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2022-29164: Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Basic Information

Basic Information

7.1

7.1

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI