GO-2023-1577
and 7 other vulnerabilities
GO-2023-1577 : Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670 : Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2049 : Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2024-2646 : Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2792 : Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877 : ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898 : Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-3002 : Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
Discover Packages
github.com/argoproj/argo-cd/v2
util
io
files
package
Version:
v2.3.15
Opens a new window with list of versions in this module.
Published: Jan 27, 2023
License: Apache-2.0
Opens a new window with license information.
Imports: 4
Opens a new window with list of imports.
Imported by: 2
Opens a new window with list of known importers.
Documentation
¶
Inbound will validate if the given candidate path is inside the
baseDir. This is useful to make sure that malicious candidates
are not targeting a file outside of baseDir boundaries.
Considerations:
- baseDir must be absolute path. Will return false otherwise
- candidate can be absolute or relative path
- candidate should not be symlink as only syntatic validation is
applied by this function
IsSymlink return true if the given FileInfo relates to a
symlink file. Returns false otherwise.
¶
Click to show internal directories.
Click to hide internal directories.
Affected by 
Documentation
¶
Source Files