Affected by GO-2022-0304
and 21 other vulnerabilities
GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd
GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd
GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd
GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd
GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
GO-2025-3427: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd
GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
The highest tagged major version is
v2.
package
Version:
v0.3.1
Opens a new window with list of versions in this module.
Published: Apr 24, 2018
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 106
Opens a new window with list of known importers.
Documentation
¶
MakeSignature generates a cryptographically-secure pseudo-random token, based on a given number of random bytes, for signing purposes.
type SessionManager struct {
}
SessionManager generates and validates JWT tokens for login sessions.
MakeSessionManager creates a new session manager with the given secret key.
Create creates a new token for a given subject (user) and returns it as a string.
LoginLocalUser checks if a username/password combo is correct and creates a new token if so.
[TODO] This may belong elsewhere.
Parse tries to parse the provided string and returns the token claims.
SessionManagerTokenClaims holds claim metadata for a token.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.