Affected by GO-2022-0359
and 19 other vulnerabilities
GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd
GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
package
Version:
v2.3.1
Opens a new window with list of versions in this module.
Published: Mar 10, 2022
License: Apache-2.0
Opens a new window with license information.
Imports: 9
Opens a new window with list of imports.
Imported by: 4
Opens a new window with list of known importers.
Documentation
¶
- Variables
-
func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...func(client *redis.Client)) func() (*Cache, error)
-
type Cache
-
func (c *Cache) GetAppManagedResources(appName string, res *[]*appv1.ResourceDiff) error
-
func (c *Cache) GetAppResourcesTree(appName string, res *appv1.ApplicationTree) error
-
func (c *Cache) GetClusterInfo(server string, res *appv1.ClusterInfo) error
-
func (c *Cache) GetItem(key string, item interface{}) error
-
func (c *Cache) OnAppResourcesTreeChanged(ctx context.Context, appName string, callback func() error) error
-
func (c *Cache) SetAppManagedResources(appName string, managedResources []*appv1.ResourceDiff) error
-
func (c *Cache) SetAppResourcesTree(appName string, resourcesTree *appv1.ApplicationTree) error
-
func (c *Cache) SetClusterInfo(server string, info *appv1.ClusterInfo) error
-
func (c *Cache) SetItem(key string, item interface{}, expiration time.Duration, delete bool) error
Source Files
¶
Click to show internal directories.
Click to hide internal directories.