Argoproj: >> Argo Cd >> 0.10.0 Security Vulnerabilities
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-04-08
Page 3