CVE-2024-52814 Information

Nov 24, 2024 cve

Description

Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0 the workflow-role) lacks granularity in its privileges giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods when only certain types of Pods created by the Controller require these privileges. The impact is minimal as an attack could only affect status reporting for certain types of Pods and templates. Version 0.45.0 fixes the issue.

Reference

https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml#L45-L56 https://github.com/argoproj/argo-helm/security/advisories/GHSA-h974-w8pg-cx73 https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/agent-role.yaml https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/artifactgc-role.yaml

Share on: