Vulnerabilities > CVE-2020-8827 - Improper Restriction of Excessive Authentication Attempts vulnerability in Argoproj Argo CD

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
argoproj
CWE-307

Summary

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.

Vulnerable Configurations

Part Description Count
Application
Argoproj
101