CVE-2024-52799

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Nov 21, 2024
CWE ID 250
CWE ID 1220

Summary

CVE-2024-52799: Argo Workflows Chart contains a vulnerability in versions prior to 0.44.0. The workflow-role grants excessive privileges, including the ability to create pods and execute arbitrary code within them. This issue affects namespaces using the argo-workflows Chart with appVersion: 3.4 and above, where Emissary Executor is the only available option. If a malicious template is run, an attacker can compromise the entire namespace. This vulnerability has been fixed in version 0.44.0, but older versions with alternative Executors may still be at risk. This issue solely impacts the Helm Chart and not the upstream manifests.
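To check whether a role bound to workflow pods carries the permissions described above, the following added example (not code from the advisory or from the Argo project) scans a Role exported as JSON for pod creation and pod exec grants, including wildcard rules. The role names and rule contents are constructed samples, not the chart's actual manifests.

```python
import json

# Permissions the advisory names: creating pods and executing code inside them.
# pods/exec is reachable with verb create (POST) or get (websocket upgrade).
RISKY = [("pods", "create"), ("pods/exec", "create"), ("pods/exec", "get")]

def resource_matches(rule_resources, wanted):
    """Mirror Kubernetes RBAC matching: '*', exact name, or '*/<subresource>'."""
    sub = wanted.partition("/")[2]
    return any(r in ("*", wanted) or (sub and r == "*/" + sub) for r in rule_resources)

def risky_grants(role):
    """Return the sorted (resource, verb) pairs from RISKY that a Role or ClusterRole allows."""
    found = set()
    for rule in role.get("rules") or []:
        groups = rule.get("apiGroups") or []
        if "" not in groups and "*" not in groups:  # pods live in the core ("") API group
            continue
        verbs = rule.get("verbs") or []
        for resource, verb in RISKY:
            if (verb in verbs or "*" in verbs) and resource_matches(rule.get("resources") or [], resource):
                found.add((resource, verb))
    return sorted(found)

# Constructed sample roles (not the chart's actual manifests), shaped like
# the output of `kubectl get role <name> -n <namespace> -o json`.
BROAD_ROLE = json.loads("""
{"kind": "Role", "metadata": {"name": "example-workflow-role"},
 "rules": [
  {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "patch", "create"]},
  {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}
 ]}
""")
NARROW_ROLE = json.loads("""
{"kind": "Role", "metadata": {"name": "example-narrow-role"},
 "rules": [
  {"apiGroups": ["argoproj.io"], "resources": ["workflowtaskresults"], "verbs": ["create", "patch"]}
 ]}
""")
WILDCARD_ROLE = {"rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}

if __name__ == "__main__":
    for name, role in [("broad", BROAD_ROLE), ("narrow", NARROW_ROLE), ("wildcard", WILDCARD_ROLE)]:
        print(name, risky_grants(role))
```

An empty result means the role grants none of the listed permissions; any other result lists the grants to review for that namespace.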
