Race Condition in Argo Workflows Controller Affects Kubernetes Orchestration
CVE-2024-47827

5.7MEDIUM

Key Information:

Vendor: Argoproj
Status: Argo-workflows
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-47827?

Argo Workflows, an open-source container-native workflow engine, is affected by a race condition in version 3.6.0-rc1. This vulnerability allows any user with the capability to execute a workflow to trigger a crash in the Argo workflows controller, leading to service disruption. The issue has been resolved in version 3.6.0-rc2, emphasizing the importance of prompt updates and security patches.

Affected Version(s)

argo-workflows >= 3.6.0-rc1, < 3.6.0-rc2

References

https://github.com/argoproj/argo-workflows/security/advis...

x_refsource_CONFIRM

https://github.com/argoproj/argo-workflows/pull/13641

x_refsource_MISC

https://github.com/argoproj/argo-workflows/commit/5244064...

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024

Argoproj

What is CVE-2024-47827?

Affected Version(s)

References

CVSS V3.1

Timeline