CVE-2024-52799
CVSS 3.1 Score 8.2 of 10 (high)
Details
Summary
CVE-2024-52799: Argo Workflows Chart contains a vulnerability in versions prior to 0.44.0. The workflow-role grants excessive privileges, including the ability to create pods and execute arbitrary code within them. This issue affects namespaces using the argo-workflows Chart with appVersion: 3.4 and above, where Emissary Executor is the only available option. If a malicious template is run, an attacker can compromise the entire namespace. This vulnerability has been fixed in version 0.44.0, but older versions with alternative Executors may still be at risk. This issue solely impacts the Helm Chart and not the upstream manifests.
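A way to check whether a Role in a namespace carries the two capabilities the summary names (creating pods and executing code in them), as an added example that is not part of the original advisory or the chart's code. It assumes the Role is supplied as JSON in the shape of `kubectl get role <name> -o json` output; the sample Role, its name and its namespace are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get role <name> -o json` output.
# Name, namespace and rules are illustrative, not copied from the chart.
SAMPLE_ROLE = json.loads("""
{
  "kind": "Role",
  "metadata": {"name": "example-workflow-role", "namespace": "example-ns"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "patch"]},
    {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "watch"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": ["argoproj.io"], "resources": ["workflowtaskresults"],
     "verbs": ["create", "patch"]}
  ]
}
""")

# The two capabilities the advisory names: creating pods and exec'ing into them.
RISKY = {("pods", "create"): "can create pods",
         ("pods/exec", "create"): "can exec into pods"}

def resource_matches(rule_resource, wanted):
    """Mirror Kubernetes RBAC matching: exact, '*', or '*/<subresource>'."""
    if rule_resource in ("*", wanted):
        return True
    if rule_resource.startswith("*/") and "/" in wanted:
        return rule_resource[2:] == wanted.split("/", 1)[1]
    return False

def audit_role(role):
    """Return sorted findings for rules that grant pod create or pod exec."""
    findings = set()
    for rule in role.get("rules") or []:
        groups = rule.get("apiGroups") or []
        if "" not in groups and "*" not in groups:
            continue  # pods live in the core ("") API group
        verbs = rule.get("verbs") or []
        resources = rule.get("resources") or []
        for (resource, verb), meaning in RISKY.items():
            granted = verb in verbs or "*" in verbs
            if granted and any(resource_matches(r, resource) for r in resources):
                findings.add(f"{resource}:{verb} ({meaning})")
    return sorted(findings)

if __name__ == "__main__":
    meta = SAMPLE_ROLE["metadata"]
    for finding in audit_role(SAMPLE_ROLE):
        print(f"{meta['namespace']}/{meta['name']}: {finding}")
```

A Role that returns no findings can still be over-privileged in other ways; this check covers only the two permissions the summary describes.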