As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.
History

Wed, 07 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Argoproj
Argoproj argo Cd
CPEs cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:* cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
Vendors & Products Linuxfoundation
Linuxfoundation argo Continuous Delivery
Argoproj
Argoproj argo Cd

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-08T19:49:14

Updated: 2024-08-04T10:12:10.971Z

Reserved: 2020-02-10T00:00:00

Link: CVE-2020-8828

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-04-08T20:15:14.763

Modified: 2024-11-21T05:39:31.297

Link: CVE-2020-8828

cve-icon Redhat

No data.