BIT-argo-workflows-2024-47827
PUBLISHED
CVSS 4.8 MEDIUM
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the Argo Workflows controller can be made to crash on command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.
Risk Scores
CVSS v3.1
4.8
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | argo-workflows | 3.6.0-rc1 |
Timeline
- Oct 30, 2024 CVE Published
- Nov 6, 2024 CVE Updated
References
- https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75
- https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a
- https://github.com/argoproj/argo-workflows/pull/13641
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr