GO-2022-0304
and 26 other vulnerabilities
GO-2022-0304 : Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0359 : Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387 : Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453 : Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454 : Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455 : Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0495 : DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd
GO-2022-0516 : Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd
GO-2022-0517 : Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0518 : Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd
GO-2022-0869 : Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892 : Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512 : Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577 : Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670 : Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-1952 : Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018 : Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049 : Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050 : Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085 : Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728 : Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792 : Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877 : ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902 : Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006 : The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
GO-2025-3427 : ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd
GO-2025-3433 : Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
The highest tagged major version is
v2 .
Discover Packages
github.com/argoproj/argo-cd
util
password
package
Version:
v0.11.0-rc2
Opens a new window with list of versions in this module.
Published: Dec 28, 2018
License: Apache-2.0
Opens a new window with license information.
Imports: 3
Opens a new window with list of imports.
Imported by: 43
Opens a new window with list of known importers.
Documentation
¶
HashPassword hashes against the current preferred hasher.
func VerifyPassword(password, hashedPassword string ) (valid, stale bool )
VerifyPassword verifies an entered password against a hashed password and returns whether the hash is "stale" (i.e., was verified using the FIRST preferred hasher above).
type BcryptPasswordHasher struct {
Cost int
}
BcryptPasswordHasher handles password hashing with Bcrypt. Create with `0` as the work factor to default to bcrypt.DefaultCost at hashing time. The Cost field represents work factor.
HashPassword creates a one-way digest ("hash") of a password. In the case of Bcrypt, a pseudorandom salt is included automatically by the underlying library. For security reasons, the work factor is always at _least_ bcrypt.DefaultCost.
VerifyPassword validates whether a one-way digest ("hash") of a password was created from a given plaintext password.
type DummyPasswordHasher struct{}
DummyPasswordHasher is for testing ONLY. DO NOT USE in a production context.
HashPassword creates a one-way digest ("hash") of a password. In the case of Bcrypt, a pseudorandom salt is included automatically by the underlying library.
VerifyPassword validates whether a one-way digest ("hash") of a password was created from a given plaintext password.
PasswordHasher is an interface type to declare a general-purpose password management tool.
¶
Click to show internal directories.
Click to hide internal directories.
Affected by 
The highest tagged major version is
Documentation
¶
Source Files