Vulnerabilities > CVE-2020-8828 - Insecure Default Initialization of Resource vulnerability in Argoproj Argo CD

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
argoproj
CWE-1188

Summary

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.

Vulnerable Configurations

Part Description Count
Application
Argoproj
101