CVE-2024-52799

Name of the Vulnerable Software and Affected Versions Argo Workflows Chart versions prior to 0.44.0

Description The workflow-role in the Argo Workflows Chart has excessive privileges, including the ability to create pods/exec, which allows for arbitrary code execution within pods in the same namespace. If a user can be made to run a malicious template, their whole namespace can be compromised. This issue affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, as well as users below 3.4 depending on their choice of Executor. The vulnerability is specific to the Helm Chart and does not affect the upstream manifests.

Recommendations For versions prior to 0.44.0, update to version 0.44.0 to fix the issue. As a temporary workaround, consider restricting the privileges of the workflow-role to minimize the risk of exploitation.