BIT-argo-workflows-2024-47827

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/argo-workflows/BIT-argo-workflows-2024-47827.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-argo-workflows-2024-47827
Aliases
Published
2024-10-30T07:08:04.074Z
Modified
2024-10-30T16:27:20.148064Z
Summary
[none]
Details

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.

References

Affected packages

Bitnami / argo-workflows

Package

Name
argo-workflows
Purl
pkg:bitnami/argo-workflows

Severity

  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.6.0-rc1
Fixed
3.6.0-rc2