Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.
References
Configurations
Configuration 1 (hide)
|
History
05 Nov 2024, 16:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
First Time |
Argo Workflows Project
Argo Workflows Project argo Workflows |
|
References | () https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75 - Product | |
References | () https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a - Patch | |
References | () https://github.com/argoproj/argo-workflows/pull/13641 - Issue Tracking, Patch | |
References | () https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr - Vendor Advisory | |
CPE | cpe:2.3:a:argo_workflows_project:argo_workflows:3.6.0:rc1:*:*:*:kubernetes:*:* |
29 Oct 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-28 16:15
Updated : 2024-11-05 16:50
NVD link : CVE-2024-47827
Mitre link : CVE-2024-47827
CVE.ORG link : CVE-2024-47827
JSON object : View
Products Affected
argo_workflows_project
- argo_workflows