Affected by GO-2022-0359 and 19 other vulnerabilities

GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

util

package

v2.3.0 Latest Latest Go to latest Published: Mar 6, 2022 License: Apache-2.0 Imports: 13 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

func ConnectToK8sArgoClientSet() *appclientset.Clientset
func ConnectToK8sClientSet() *kubernetes.Clientset
func ConnectToK8sConfig() *rest.Config
func GetRandomString() string
func Parse(opts *GenerateOpts, file string) error
type ApplicationOpts
type Bar
type ClusterOpts
type DestinationOpts
type GenerateOpts
type Kube
type ProjectOpts
type RepositoryOpts
type SourceOpts

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ConnectToK8sArgoClientSet ¶

func ConnectToK8sArgoClientSet() *appclientset.Clientset

func ConnectToK8sClientSet ¶

func ConnectToK8sClientSet() *kubernetes.Clientset

func ConnectToK8sConfig ¶

func ConnectToK8sConfig() *rest.Config

func GetRandomString ¶

func GetRandomString() string

func Parse ¶

func Parse(opts *GenerateOpts, file string) error

Types ¶

type ApplicationOpts ¶

type ApplicationOpts struct {
	Samples         int             `yaml:"samples"`
	SourceOpts      SourceOpts      `yaml:"source"`
	DestinationOpts DestinationOpts `yaml:"destination"`
}

type Bar ¶

type Bar struct {
	// contains filtered or unexported fields
}

Bar ...

func (*Bar) Finish ¶

func (bar *Bar) Finish()

func (*Bar) Increment ¶

func (bar *Bar) Increment()

func (*Bar) NewOption ¶

func (bar *Bar) NewOption(start, total int64)

func (*Bar) Play ¶

func (bar *Bar) Play()

type ClusterOpts ¶

type ClusterOpts struct {
	Samples              int    `yaml:"samples"`
	NamespacePrefix      string `yaml:"namespacePrefix"`
	ValuesFilePath       string `yaml:"valuesFilePath"`
	DestinationNamespace string `yaml:"destinationNamespace"`
	ClusterNamePrefix    string `yaml:"clusterNamePrefix"`
}

type DestinationOpts ¶

type DestinationOpts struct {
	Strategy string `yaml:"strategy"`
}

type GenerateOpts ¶

type GenerateOpts struct {
	ApplicationOpts ApplicationOpts `yaml:"application"`
	ClusterOpts     ClusterOpts     `yaml:"cluster"`
	RepositoryOpts  RepositoryOpts  `yaml:"repository"`
	ProjectOpts     ProjectOpts     `yaml:"project"`
	GithubToken     string
	Namespace       string `yaml:"namespace"`
}

type Kube ¶

type Kube struct {
	Namespace string
	Context   string
}

type ProjectOpts ¶

type ProjectOpts struct {
	Samples int `yaml:"samples"`
}

type RepositoryOpts ¶

type RepositoryOpts struct {
	Samples int `yaml:"samples"`
}

type SourceOpts ¶

type SourceOpts struct {
	Strategy string `yaml:"strategy"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL