{"id":"GHSA-rc7p-gmvh-xfx2","summary":"Attack on Kubernetes via Misconfigured Argo Workflows","details":"### Impact\n\nUsers running using the Argo Server with `--auth-mode=server` (which is the default \u003c v3.0.0) AND have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining.\n\n### Resolution\n\n* Do not expose your user interface to the Internet. \n* Change configuration. `--auth-mode=client`. \n\nFor users using an older 2.x version of Argo Server, consider upgrading to Argo Server version 3.x or later.\n","modified":"2021-08-02T17:18:32Z","published":"2021-08-02T17:19:52Z","database_specific":{"severity":"MODERATE","cwe_ids":[],"github_reviewed":true,"nvd_published_at":null,"github_reviewed_at":"2021-07-22T20:25:42Z"},"references":[{"type":"WEB","url":"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-rc7p-gmvh-xfx2"},{"type":"WEB","url":"https://www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows"}],"affected":[{"package":{"name":"github.com/argoproj/argo-workflows","ecosystem":"Go","purl":"pkg:golang/github.com/argoproj/argo-workflows"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"last_known_affected_version_range":"\u003c 3.0.0","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-rc7p-gmvh-xfx2/GHSA-rc7p-gmvh-xfx2.json"}}],"schema_version":"1.7.3"}