Affected by GO-2022-0304 and 20 other vulnerabilities

GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

GO-2025-3427: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd

The highest tagged major version is v2.

config

package

v0.3.1 Latest Latest Go to latest Published: Apr 24, 2018 License: Apache-2.0 Imports: 8 Imported by: 44

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

type ArgoCDSettings
type ConfigManager
- func NewConfigManager(clientset kubernetes.Interface, namespace string) *ConfigManager
- func (mgr *ConfigManager) GetSettings() (*ArgoCDSettings, error)
- func (mgr *ConfigManager) SaveSettings(settings *ArgoCDSettings) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ArgoCDSettings ¶

type ArgoCDSettings struct {
	// LocalUsers holds users local to (stored on) the server.  This is to be distinguished from any potential alternative future login providers (LDAP, SAML, etc.) that might ever be added.
	LocalUsers map[string]string

	// ServerSignature holds the key used to generate JWT tokens.
	ServerSignature []byte

	// Certificate holds the certificate/private key for the ArgoCD API server.
	// If nil, will run insecure without TLS.
	Certificate *tls.Certificate
}

ArgoCDSettings holds in-memory runtime configuration options.

type ConfigManager ¶

type ConfigManager struct {
	// contains filtered or unexported fields
}

ConfigManager holds config info for a new manager with which to access Kubernetes ConfigMaps.

func NewConfigManager ¶

func NewConfigManager(clientset kubernetes.Interface, namespace string) *ConfigManager

NewConfigManager generates a new ConfigManager pointer and returns it

func (*ConfigManager) GetSettings ¶

func (mgr *ConfigManager) GetSettings() (*ArgoCDSettings, error)

GetSettings retrieves settings from the ConfigManager.

func (*ConfigManager) SaveSettings ¶

func (mgr *ConfigManager) SaveSettings(settings *ArgoCDSettings) error

SaveSettings serializes ArgoCD settings and upserts it into K8s secret/configmap

Source Files ¶

View all Source files

configmanager.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL