Affected by GO-2022-0304 and 25 other vulnerabilities

GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

GO-2025-3427: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd

GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

The highest tagged major version is v2.

apiclient

package

v0.5.4 Latest Latest Go to latest Published: Jun 27, 2018 License: Apache-2.0 Imports: 20 Imported by: 58

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Client
- func NewClient(opts *ClientOptions) (Client, error)
- func NewClientOrDie(opts *ClientOptions) Client
type ClientOptions

Constants ¶

View Source

const (
	MetaDataTokenKey = "token"
	// EnvArgoCDServer is the environment variable to look for an ArgoCD server address
	EnvArgoCDServer = "ARGOCD_SERVER"
	// EnvArgoCDAuthToken is the environment variable to look for an ArgoCD auth token
	EnvArgoCDAuthToken = "ARGOCD_AUTH_TOKEN"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶ added in v0.4.2

type Client interface {
	ClientOptions() ClientOptions
	NewConn() (*grpc.ClientConn, error)
	NewRepoClient() (*grpc.ClientConn, repository.RepositoryServiceClient, error)
	NewRepoClientOrDie() (*grpc.ClientConn, repository.RepositoryServiceClient)
	NewClusterClient() (*grpc.ClientConn, cluster.ClusterServiceClient, error)
	NewClusterClientOrDie() (*grpc.ClientConn, cluster.ClusterServiceClient)
	NewApplicationClient() (*grpc.ClientConn, application.ApplicationServiceClient, error)
	NewApplicationClientOrDie() (*grpc.ClientConn, application.ApplicationServiceClient)
	NewSessionClient() (*grpc.ClientConn, session.SessionServiceClient, error)
	NewSessionClientOrDie() (*grpc.ClientConn, session.SessionServiceClient)
	NewSettingsClient() (*grpc.ClientConn, settings.SettingsServiceClient, error)
	NewSettingsClientOrDie() (*grpc.ClientConn, settings.SettingsServiceClient)
	NewVersionClient() (*grpc.ClientConn, version.VersionServiceClient, error)
	NewVersionClientOrDie() (*grpc.ClientConn, version.VersionServiceClient)
}

Client defines an interface for interaction with an Argo CD server.

func NewClient ¶

func NewClient(opts *ClientOptions) (Client, error)

NewClient creates a new API client from a set of config options.

func NewClientOrDie ¶

func NewClientOrDie(opts *ClientOptions) Client

NewClientOrDie creates a new API client from a set of config options, or fails fatally if the new client creation fails.

type ClientOptions ¶

type ClientOptions struct {
	ServerAddr string
	PlainText  bool
	Insecure   bool
	CertFile   string
	AuthToken  string
	ConfigPath string
	Context    string
}

ClientOptions hold address, security, and other settings for the API client.

Source Files ¶

View all Source files

apiclient.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL