CVE-2024-52814

CVSS 3.1 Score 2.8 of 10 (low)

Details

Published Nov 22, 2024
CWE ID 1220

Summary

CVE-2024-52814 is a vulnerability affecting Argo Helm, a collection of community charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role` in Argo Helm lacked granularity in its privileges, granting permissions to `workflowtasksets` and `workflowartifactgctasks` for all workflow Pods, despite only specific types requiring these privileges. This issue poses a minimal risk, as attackers could only manipulate status reporting for certain types of Pods and templates. The vulnerability is resolved in version 0.45.0.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share