Users who run the Argo Server with --auth-mode=server (which is the default < v3.0.0) AND have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining.
--auth-mode=client. For users using an older 2.x version of Argo Server, consider upgrading to Argo Server version 3.x or later.
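One way to check for the setting described above, as an added example that is not part of the advisory or the Argo project's code: it reads Deployment objects in the shape returned by kubectl get deploy -o json and reports those where server auth mode is in effect, either explicitly or through the pre-3.0.0 default. It assumes the caller passes only Argo Server deployments and that the image tag carries the version; the sample names, registry and tags are constructed.

```python
import re

def _deploy(name, image, args):
    # Builds the minimal Deployment shape that the audit reads.
    return {"metadata": {"name": name},
            "spec": {"template": {"spec": {"containers": [{"image": image, "args": args}]}}}}

# Constructed sample input (names, registry and tags are made up for this example).
SAMPLE = {"items": [
    _deploy("argo-server-a", "registry.example/argocli:v2.12.0", ["server"]),
    _deploy("argo-server-b", "registry.example/argocli:v2.12.0", ["server", "--auth-mode=client"]),
    _deploy("argo-server-c", "registry.example/argocli:v3.0.0", ["server"]),
    _deploy("argo-server-d", "registry.example/argocli:v3.0.0", ["server", "--auth-mode", "server"]),
]}

def auth_modes(args):
    """Collect every --auth-mode value, in both '--flag=value' and '--flag value' forms."""
    modes = []
    for i, arg in enumerate(args):
        if arg.startswith("--auth-mode="):
            modes.append(arg.split("=", 1)[1])
        elif arg == "--auth-mode" and i + 1 < len(args):
            modes.append(args[i + 1])
    return modes

def server_mode_effective(container):
    """True when auth mode 'server' applies, explicitly or by the pre-3.0.0 default."""
    modes = auth_modes(container.get("command", []) + container.get("args", []))
    if modes:
        return "server" in modes
    # No flag given: the advisory states that 'server' is the default before v3.0.0.
    tag = container.get("image", "").rsplit("/", 1)[-1].partition(":")[2]
    major = re.match(r"v?(\d+)\.", tag)
    # A tag without a parseable version (e.g. 'latest') is reported for manual review.
    return major is None or int(major.group(1)) < 3

def audit(deployments):
    """Return the names of deployments that need attention, in input order."""
    findings = []
    for dep in deployments["items"]:
        containers = dep["spec"]["template"]["spec"]["containers"]
        if any(server_mode_effective(c) for c in containers):
            findings.append(dep["metadata"]["name"])
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: auth mode 'server' is in effect")
```

A finding only says the mode is in effect; whether the UI is reachable from the Internet has to be checked separately against the Service and Ingress in front of it.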
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-07-22T20:25:42Z" }