Security Advisory

CVE-2020-8828

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-08 19:49:14

Last updated 2024-08-04 10:12:10

Assigner mitre

State PUBLISHED

Description

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.

← Browse all CVEs View on cve.org ↗