Default Admin Password Vulnerability in ArgoCD

Default Admin Password Vulnerability in ArgoCD

CVE-2020-8828 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.

Learn more about our Cis Benchmark Audit For Server Software.