Unknown · Argo Workflows · CVE-2026-42297
**Name of the Vulnerable Software and Affected Versions**
Argo Workflows versions 4.0.0 through 4.0.4
**Description**
The Sync Service's ConfigMap-backed provider in `server/sync/sync_cm.go` lacks authorization checks for all create, read, update, and delete (CRUD) operations. This allows any authenticated user, including those using fake Bearer tokens, to perform these operations on the Kubernetes ConfigMaps that store synchronization limits.
**Recommendations**
Update to version 4.0.5.
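A deny-by-default guard of the kind the description says was missing, as an added example (not Argo Workflows code and not the 4.0.5 patch). `GuardedProvider`, `Authorizer`, the in-memory store and the sample policy are hypothetical stand-ins; the authorizer is assumed to play the role of a Kubernetes access review.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrForbidden = errors.New("forbidden")

// Authorizer stands in for a Kubernetes access review (assumption): may this
// verified user perform verb on the ConfigMap ns/name?
type Authorizer func(user, verb, ns, name string) bool

// GuardedProvider is a hypothetical ConfigMap-backed sync-limit store in which
// every CRUD verb passes through one deny-by-default check.
type GuardedProvider struct {
	Allow Authorizer
	data  map[string]string // "ns/name/key" -> limit
}

// Do runs verb (create, get, update, delete) on one limit key.
func (p *GuardedProvider) Do(user, verb, ns, name, key, limit string) (string, error) {
	// An identity that failed verification is "" (assumption): always denied.
	if user == "" || p.Allow == nil || !p.Allow(user, verb, ns, name) {
		return "", fmt.Errorf("%w: %q may not %s configmap %s/%s", ErrForbidden, user, verb, ns, name)
	}
	if p.data == nil {
		p.data = map[string]string{}
	}
	id := ns + "/" + name + "/" + key
	_, exists := p.data[id]
	switch {
	case verb == "create" && !exists, verb == "update" && exists:
		p.data[id] = limit
	case verb == "get" && exists:
	case verb == "delete":
		delete(p.data, id)
	default:
		return "", fmt.Errorf("cannot %s %s (exists=%v)", verb, id, exists)
	}
	return p.data[id], nil
}

func main() {
	// Constructed policy: only "ops" may touch limits, and only in namespace "argo".
	p := &GuardedProvider{Allow: func(u, _, ns, _ string) bool { return u == "ops" && ns == "argo" }}
	_, err := p.Do("", "update", "argo", "sync-limits", "workflow", "100")
	fmt.Println(err) // denied before the store is touched
	fmt.Println(p.Do("ops", "create", "argo", "sync-limits", "workflow", "2"))
}
```

Because the check sits in the single entry point, a verb added later cannot reach the store without passing it.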