Moderate severity · NVD Advisory · Published Oct 28, 2024 · Updated Apr 4, 2025
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
CVE-2024-47827
Description
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the Argo Workflows controller can be made to crash on command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/argoproj/argo-workflows/v3 (Go) | >= 3.6.0-rc1, < 3.6.0-rc2 | 3.6.0-rc2 |
Affected products
9 products:
- osv-coords (8 versions):
  - pkg:bitnami/argo-workflows
  - pkg:golang/github.com/argoproj/argo-workflows/v3
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Package%20Hub%2012
- (no CPE) range: >= 3.6.0-rc1, < 3.6.0-rc2
- (no CPE) range: >= 3.6.0-rc1, < 3.6.0-rc2
- (no CPE) range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE) range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE) range: < 0.0.20241030T212825-1.1
- (no CPE) range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE) range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE) range: < 0.0.20241104T154416-5.1
- Range: >= 3.6.0-rc1, < 3.6.0-rc2
References
- github.com/advisories/GHSA-ghjw-32xw-ffwr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-47827 (ghsa, ADVISORY)
- github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go (ghsa, x_refsource_MISC, WEB)
- github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a (ghsa, x_refsource_MISC, WEB)
- github.com/argoproj/argo-workflows/pull/13641 (ghsa, x_refsource_MISC, WEB)
- github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr (ghsa, x_refsource_CONFIRM, WEB)