CVE-2024-52814

LOW Year: 2024
CVSS v3 Score
2.8
Low
Weakness Type
CWE-1220
View all →

Vulnerability Description

Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role`) lacks granularity in its privileges, giving permissions to `workflowtasksets` and `workflowartifactgctasks` to all workflow Pods, when only certain types of Pods created by the Controller require these privileges. The impact is minimal, as an attack could only affect status reporting for certain types of Pods and templates. Version 0.45.0 fixes the issue.

Related Vulnerabilities

CVE-2024-26246

LOW
CVSS:3.9(Low)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-12202024

CVE-2023-39418

MEDIUM
CVSS:4.3(Medium)

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbi...

CWE-12202023

CVE-2024-6867

MEDIUM
CVSS:4.3(Medium)

An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access right...

CWE-12202024

CVE-2025-1110

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query...

CWE-12202025

CVE-2022-2475

HIGH
CVSS:8.8(High)

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the auth...

CWE-12202022

CVE-2025-29987

HIGH
CVSS:8.8(High)

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a tru...

CWE-12202025