10 matches found
EUVD-2024-46057
Malicious code in bioql PyPI...
CVE-2024-52814
Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...
CVE-2024-52814 Helm Lacks Granularity in Workflow Role
Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...
CVE-2024-52814
CVE-2024-52814 — Helm (Argo) workflow-role privileges lack granularity : Affects Argo Helm prior to 0.45.0. The issue grants broad permissions in the workflow-role to all workflow Pods, not only those that require them, potentially impacting status reporting for certain Pods/Templates. Multiple s...
CVE-2024-52814 Helm Lacks Granularity in Workflow Role
Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...
PT-2024-35462 · Argo Helm · Argo Helm
Name of the Vulnerable Software and Affected Versions: Argo Helm versions prior to 0.45.0 Description: The issue is related to the workflow-role lacking granularity in its privileges, giving unnecessary permissions to workflowtasksets and workflowartifactgctasks for all workflow Pods. This could...
CVE-2024-52799
Argo Workflows Chart (Helm) prior to 0.44.0 has a vulnerable workflow-role with excessive privileges, including create pods/exec, enabling kubectl exec into any Pod in the same namespace and potentially arbitrary code execution if a user runs a malicious template. Affected charts are those using ...
CVE-2024-52799 Argo Workflows Chart: Excessive Privileges in Workflow Role
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those...
CVE-2024-52799 Argo Workflows Chart: Excessive Privileges in Workflow Role
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those...
PT-2024-35450 · Unknown · Argo Workflows Chart
Name of the Vulnerable Software and Affected Versions: Argo Workflows Chart versions prior to 0.44.0 Description: The workflow-role in the Argo Workflows Chart has excessive privileges, including the ability to create pods/exec, which allows for arbitrary code execution within pods in the same...