Описание
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.
A flaw was found in Argo Workflows. Due to a race condition in a global variable, the Argo Workflows controller can crash on command by any user with access to execute a workflow, which can lead to a denial of service.
Отчет
This flaw was introduced in version 3.6.0-rc1 and patched in the subsequent 3.6.0-rc2 release. The vulnerable version of Argo Workflows is not shipped in any Red Hat products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift AI (RHOAI) | odh-data-science-pipelines-argo-argoexec-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-data-science-pipelines-argo-workflowcontroller-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-api-server-v2-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-driver-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-launcher-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-persistenceagent-v2-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-scheduledworkflow-v2-container | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS3
Связанные уязвимости
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
EPSS
4.8 Medium
CVSS3