As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.
Metrics
Affected Vendors & Products
References
History
Wed, 07 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Argoproj
Argoproj argo Cd |
|
CPEs | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linuxfoundation
Linuxfoundation argo Continuous Delivery |
Argoproj
Argoproj argo Cd |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-08T19:49:14
Updated: 2024-08-04T10:12:10.971Z
Reserved: 2020-02-10T00:00:00
Link: CVE-2020-8828
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-04-08T20:15:14.763
Modified: 2024-11-21T05:39:31.297
Link: CVE-2020-8828
Redhat
No data.