VYPR
Low severity2.8OSV Advisory· Published Nov 22, 2024· Updated Apr 15, 2026

CVE-2024-52814

CVE-2024-52814

Description

Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role) lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods created by the Controller require these privileges. The impact is minimal, as an attack could only affect status reporting for certain types of Pods and templates. Version 0.45.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Argoproj/Argo HelmOSV2 versions
    argo-1.0.0, argo-cd-3.0.0, argo-cd-3.1.0, …+ 1 more
    • (no CPE)range: argo-1.0.0, argo-cd-3.0.0, argo-cd-3.1.0, …
    • (no CPE)range: <0.45.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.