CVE-2024-47827

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47827
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47827.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47827
Aliases
Published
2024-10-28T16:15:03Z
Modified
2024-10-30T16:27:20.148064Z
Summary
[none]
Details

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.

References

Affected packages

Git / github.com/argoproj/argo-workflows

Affected ranges

Type
GIT
Repo
https://github.com/argoproj/argo-workflows
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

ui-v3-rc1

v2.*

v2.0.0
v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-beta1
v2.1.0
v2.1.0-alpha1
v2.1.0-beta1
v2.1.0-beta2
v2.1.1
v2.10.0-rc1
v2.2.0
v2.2.1
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc3

v3.*

v3.1.0-rc1
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.3.0-rc4
v3.3.0-rc5
v3.3.0-rc6
v3.3.0-rc7
v3.3.0-rc8
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.4.0-rc4
v3.5.0
v3.5.0-rc1
v3.5.0-rc2
v3.6.0-rc1