CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabili...

CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabili...

Argo Workflows 安全漏洞

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows version 3.6.0-rc1, which stems from a race condition in a global variable that allows any user authorized to execute workflows to crash the arg...

PT-2024-32838

Name of the Vulnerable Software and Affected Versions Argo Workflows version 3.6.0-rc1 Description Due to a race condition in a global variable, the Argo Workflows controller can be made to crash on-command by any user with access to execute a workflow. This issue can be exploited by creating and...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the workflow component. An attacker can gain unauthorized access to modify workflow definitions and execute arbitrary code by exploiting insufficient permission checks via the headless API. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the workflow component. An attacker can gain unauthorized access to modify workflow definitions and execute arbitrary code by exploiting insufficient permission checks via the headless API. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the workflow component. An attacker can gain unauthorized access to modify workflow definitions and execute arbitrary code by exploiting insufficient permission checks via the headless API. Remediation Upgrade...

Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

GHSA-3MFQ-FP2F-VWQH Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

CVE-2024-38002

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

CVE-2024-38002

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

CVE-2024-38002

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

CVE-2024-38002

The CVE-2024-38002 issue affects Liferay Portal and Liferay DXP, where the workflow component does not properly enforce permission checks when updating a workflow definition via the headless API. This allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE...

CVE-2024-38002

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...

PT-2024-27874

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.2 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP 7.4 GA through update 92 Liferay DXP 7.3 GA through update 36 Description The workflo...

DEBIAN-CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow Configuration Editor is packaging a vulnerable version of the Node.js runtime and vulnerable library versions. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon

Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...

Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation

Summary IBM Master Data Management v14.0 is vulnerable to denial of service from Apache commons compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...