CVSS: 8.3EPSS: %CPEs: 1EXPL: 0CVE-2024-52799 – Argo Workflows Chart: Excessive Privileges in Workflow Role
https://notcve.org/view.php?id=CVE-2024-52799
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. If a user can be made to run a malicious template, their whole namespace can be compromised. This affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, which no longer need these permissions for the only available Executor, Emissary. It could also affect users below 3.4 depending on their choice of Executor in those versions. • https://github.com/argoproj/argo-helm/security/advisories/GHSA-fgrf-2886-4q7m https://github.com/argoproj/argo-helm/commit/81dc44c4a5ccd42c799469a78eb96a68048a4987 • CWE-250: Execution with Unnecessary Privileges CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47827 – Argo Workflows Controller: Denial of Service via malicious daemon Workflows
https://notcve.org/view.php?id=CVE-2024-47827
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2. • https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75 https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a https://github.com/argoproj/argo-workflows/pull/13641 https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-1108: Excessive Reliance on Global Variables •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41666 – The Argo CD web terminal session does not handle the revocation of user permissions properly.
https://notcve.org/view.php?id=CVE-2024-41666
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. • https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476 https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6 https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4 https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40634 – Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
https://notcve.org/view.php?id=CVE-2024-40634
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20. Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. • https://github.com/argoproj/argo-cd/commit/46c0c0b64deaab1ece70cb701030b76668ad0cdc https://github.com/argoproj/argo-cd/commit/540e3a57b90eb3655db54793332fac86bcc38b36 https://github.com/argoproj/argo-cd/commit/d881ee78949e23160a0b280bb159e4d3d625a4df https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w https://access.redhat.com/security/cve/CVE-2024-40634 https://bugzilla.redhat.com/show_bug.cgi?id=2299473 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 16%CPEs: 3EXPL: 0CVE-2024-37152 – Unauthenticated Access to sensitive settings in Argo CD
https://notcve.org/view.php?id=CVE-2024-37152
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. • https://github.com/argoproj/argo-cd/commit/256d90178b11b04bc8174d08d7b663a2a7b1771b https://github.com/argoproj/argo-cd/security/advisories/GHSA-87p9-x75h-p4j2 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •