admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-478xx/CVE-2024-47827.json
cad-safe-bot 865d8c9414 Auto-Update: 2025-04-20T02:01:32.812855+00:00
2025-04-20 02:05:18 +00:00

126 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-47827",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-28T16:15:03.990",
"lastModified": "2024-11-05T16:50:27.330",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2."
},
{
"lang": "es",
"value": "Argo Workflows es un motor de flujo de trabajo nativo de contenedores de c\u00f3digo abierto para orquestar trabajos paralelos en Kubernetes. Debido a una condici\u00f3n de ejecuci\u00f3n en una variable global en 3.6.0-rc1, cualquier usuario con acceso para ejecutar un flujo de trabajo puede hacer que el controlador de flujos de trabajo de Argo se bloquee cuando as\u00ed lo ordene. Esta vulnerabilidad se solucion\u00f3 en 3.6.0-rc2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-1108"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argo_workflows_project:argo_workflows:3.6.0:rc1:*:*:*:kubernetes:*:*",
"matchCriteriaId": "EACC9ADA-86E2-4292-8389-3243F03238D0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75",
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-workflows/pull/13641",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink