CVE-2024-52814

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 2.8

EPSS Низкий

Описание

Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role) lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods created by the Controller require these privileges. The impact is minimal, as an attack could only affect status reporting for certain types of Pods and templates. Version 0.45.0 fixes the issue.

Ссылки

https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml
https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml#L45-L56
https://github.com/argoproj/argo-helm/security/advisories/GHSA-h974-w8pg-cx73
https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/agent-role.yaml
https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/artifactgc-role.yaml

EPSS

Процентиль: 22%

0.00073

Низкий

2.8 Low

CVSS3

Дефекты

CWE-1220