An unpatched Argo CD vulnerability demonstrates that GitOps platforms must protect internal cluster access with the same security rigor as external exposure, because any compromised pod can directly execute code and manipulate deployments.
An unpatched security flaw in Argo CD’s repo-server component allows network-accessible attackers to execute code with potential for complete cluster compromise.
A vulnerability in Red Hat Advanced Cluster Management enables authenticated attackers to execute code and carry out DoS attacks on central cluster management infrastructure.
While switching to IaaS or Hyper-V lowers Broadcom licensing costs, the costlier problem of running VMs and containers in parallel remains unsolved – convergence on Kubernetes with KubeVirt significantly reduces total cost of ownership long-term.