CVE-2024-52799

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-250
View all →

Vulnerability Description

Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. If a user can be made to run a malicious template, their whole namespace can be compromised. This affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, which no longer need these permissions for the only available Executor, Emissary. It could also affect users below 3.4 depending on their choice of Executor in those versions. This only affects the Helm Chart and not the upstream manifests. This vulnerability is fixed in 0.44.0.

Related Vulnerabilities

CVE-2024-20999

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with lo...

CWE-2502024

CVE-2024-21924

HIGH
CVSS:8.2(High)

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

CWE-2502024

CVE-2020-26278

HIGH
CVSS:8.0(High)

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vuln...

CWE-2502020

CVE-2022-41290

HIGH
CVSS:8.4(High)

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.

CWE-2502022