Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.

INFO

Published Date :

2024-10-28T15:10:55.772Z

Last Modified :

2025-04-04T20:43:57.325Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47827 vulnerability.

Vendors Products
Argoproj
  • Argo-workflows
  • Argo Workflows
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47827.

URL Resource
https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75 cve-icon cve-icon cve-icon
https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a cve-icon cve-icon cve-icon
https://github.com/argoproj/argo-workflows/pull/13641 cve-icon cve-icon cve-icon
https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47827 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47827 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact