Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A03:2021 – Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Using Argo workflow or input parameters directly inside shell or Python scripts (such as the here-scripts of script templates) lets untrusted input be interpreted as commands or code rather than as data. This makes the workflow vulnerable to command or code injection.
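As an added illustration (not part of the original rule text), one Argo Workflow manifest showing the vulnerable pattern next to a hardened form. The template names, the image and the `host` parameter value are constructed for this example; the `{{inputs.parameters.host}}` placeholder is Argo's own parameter substitution syntax.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: cwe78-demo-
spec:
  entrypoint: resolve-safe
  arguments:
    parameters:
      # Constructed sample value; in practice this often arrives from a
      # webhook, event source or user-supplied submission.
      - name: host
        value: example.com
  templates:
    # Vulnerable pattern: the parameter is textually substituted into the
    # script before the shell parses it, so shell metacharacters in the
    # value (';', '$(...)', backticks) are parsed as additional commands.
    - name: resolve-unsafe
      inputs:
        parameters:
          - name: host
      script:
        image: alpine:3.19
        command: [sh, -e]
        source: |
          ping -c 1 {{inputs.parameters.host}}

    # Hardened pattern: the parameter reaches the container as an environment
    # variable, is validated against an allow-list of hostname characters
    # (and may not start with '-', so it cannot be read as an option), and is
    # only expanded inside double quotes, so the shell treats it as one argument.
    - name: resolve-safe
      inputs:
        parameters:
          - name: host
      script:
        image: alpine:3.19
        command: [sh, -e]
        env:
          - name: HOST
            value: "{{inputs.parameters.host}}"
        source: |
          case "$HOST" in
            ""|-*|*[!A-Za-z0-9.-]*) echo "rejected host parameter" >&2; exit 1 ;;
          esac
          ping -c 1 "$HOST"
```

The same rule applies to Python script templates: read the value from `os.environ` and pass it as an argument list to `subprocess.run`, never interpolate it into source text or a `shell=True` string.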
Impact
If exploited, an attacker could inject malicious commands or code through workflow parameters, potentially gaining unauthorized access, exfiltrating data, or compromising the entire CI/CD pipeline. This could lead to data loss, service disruption, or system takeover.