Description
Attack on Kubernetes via Misconfigured Argo Workflows
Impact
Users who run the Argo Server with --auth-mode=server (which is the default < v3.0.0) AND have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining.
Resolution
- Do not expose your user interface to the Internet.
- Change the configuration to --auth-mode=client.
Users on an older 2.x version of Argo Server should consider upgrading to Argo Server version 3.x or later.
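To check a cluster against the condition described under Impact, the following added example (not part of the advisory or of the Argo project) classifies each container of an Argo Server Deployment by its --auth-mode setting. It assumes the Deployment has been exported as JSON; the function names, verdict strings and sample manifest are constructed for illustration.

```python
import re

def auth_modes(argv):
    """Values given to --auth-mode, in '--auth-mode=x' or '--auth-mode x' form."""
    modes = []
    for i, arg in enumerate(argv):
        if arg.startswith("--auth-mode="):
            modes.append(arg.split("=", 1)[1])
        elif arg == "--auth-mode" and i + 1 < len(argv):
            modes.append(argv[i + 1])
    return modes

def image_major(image):
    """Major version from the image tag, or None for digests, 'latest', no tag."""
    name = image.rsplit("/", 1)[-1].split("@", 1)[0]
    match = re.match(r"v?(\d+)\.", name.rsplit(":", 1)[1]) if ":" in name else None
    return int(match.group(1)) if match else None

def classify(container):
    argv = (container.get("command") or []) + (container.get("args") or [])
    modes = auth_modes(argv)  # the bare "server" subcommand is not a mode value
    if "server" in modes:
        return "RISK: --auth-mode=server is set"
    if modes:
        ok = set(modes) == {"client"}
        return "OK: --auth-mode=client" if ok else "REVIEW: mode not covered by the advisory"
    major = image_major(container.get("image", ""))
    if major is None:
        return "REVIEW: flag absent, image version unknown"
    # Per the advisory, server is the default only before v3.0.0.
    if major < 3:
        return "RISK: flag absent, default is server"
    return "OK: flag absent on a 3.x or later image"

def audit(deployment):
    """Map container name -> verdict for a Deployment object (parsed JSON)."""
    containers = deployment["spec"]["template"]["spec"]["containers"]
    return {c["name"]: classify(c) for c in containers}

# Constructed sample, shaped like `kubectl get deployment -o json` output.
SAMPLE = {"spec": {"template": {"spec": {"containers": [
    {"name": "implicit-2x", "image": "argocli:v2.12.5", "args": ["server"]},
    {"name": "explicit", "image": "argocli:v3.4.0", "args": ["server", "--auth-mode", "server"]},
    {"name": "fixed", "image": "argocli:v2.12.5", "args": ["server", "--auth-mode=client"]},
]}}}}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A RISK verdict only covers the first half of the condition; whether the UI is reachable from the Internet has to be checked separately on the Service, Ingress or load balancer in front of it.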
Packages
Name
github.com/argoproj/argo-workflows
go
Affected versions | Fixed version
None