Affected by GO-2022-0304
and 20 other vulnerabilities
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
package
Version:
v2.1.0-rc1
Opens a new window with list of versions in this module.
Published: Jul 28, 2021
License: Apache-2.0
Opens a new window with license information.
Imports: 13
Opens a new window with list of imports.
Imported by: 2
Opens a new window with list of known importers.
Documentation
¶
View Source
var (
Blue = color.RGBA{16, 61, 102, 255}
Green = color.RGBA{11, 97, 42, 255}
Purple = color.RGBA{115, 31, 77, 255}
Orange = color.RGBA{189, 115, 0, 255}
Red = color.RGBA{167, 46, 38, 255}
Grey = color.RGBA{41, 52, 61, 255}
HealthStatusColors = map[health.HealthStatusCode]color.RGBA{
health.HealthStatusDegraded: Red,
health.HealthStatusHealthy: Green,
health.HealthStatusMissing: Purple,
health.HealthStatusProgressing: Blue,
health.HealthStatusSuspended: Grey,
health.HealthStatusUnknown: Purple,
}
SyncStatusColors = map[appv1.SyncStatusCode]color.RGBA{
appv1.SyncStatusCodeSynced: Green,
appv1.SyncStatusCodeOutOfSync: Orange,
appv1.SyncStatusCodeUnknown: Purple,
}
)
NewHandler creates handler serving to do api/badge endpoint
Handler used to get application in order to access health/sync
ServeHTTP returns badge with health and sync status for application
(or an error badge if wrong query or application name is given)
Source Files
¶
Click to show internal directories.
Click to hide internal directories.