Affected by GO-2022-0304 and 25 other vulnerabilities

GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

GO-2025-3427: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd

GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

The highest tagged major version is v2.

rbac

package

v0.6.1 Latest Latest Go to latest Published: Jul 18, 2018 License: Apache-2.0 Imports: 17 Imported by: 90

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type ClaimsEnforcerFunc
type Enforcer
- func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, ...) *Enforcer

Constants ¶

View Source

const (
	ConfigMapPolicyCSVKey     = "policy.csv"
	ConfigMapPolicyDefaultKey = "policy.default"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Enforcer ¶

type Enforcer struct {
	*casbin.Enforcer
	// contains filtered or unexported fields
}

func NewEnforcer ¶

func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer

func (*Enforcer) Enforce ¶

func (e *Enforcer) Enforce(rvals ...interface{}) bool

Enforce is a wrapper around casbin.Enforce to additionally enforce a default role

func (*Enforcer) EnforceClaims ¶

func (e *Enforcer) EnforceClaims(rvals ...interface{}) bool

EnforceClaims checks if the first value is a jwt.Claims and runs enforce against its groups and sub

func (*Enforcer) RunPolicyLoader ¶

func (e *Enforcer) RunPolicyLoader(ctx context.Context) error

RunPolicyLoader runs the policy loader which watches policy updates from the configmap and reloads them

func (*Enforcer) SetBuiltinPolicy ¶

func (e *Enforcer) SetBuiltinPolicy(policy string) error

SetBuiltinPolicy sets a built-in policy, which augments any user defined policies

func (*Enforcer) SetClaimsEnforcerFunc ¶

func (e *Enforcer) SetClaimsEnforcerFunc(claimsEnforcer ClaimsEnforcerFunc)

SetClaimsEnforcerFunc sets a claims enforce function during enforcement. The claims enforce function can extract claims from JWT token and do the proper enforcement based on user, group or any information available in the input parameter list

func (*Enforcer) SetDefaultRole ¶

func (e *Enforcer) SetDefaultRole(roleName string)

SetDefaultRole sets a default role to use during enforcement. Will fall back to this role if normal enforcement fails

func (*Enforcer) SetUserPolicy ¶

func (e *Enforcer) SetUserPolicy(policy string) error

SetUserPolicy sets a user policy, augmenting the built-in policy

Source Files ¶

View all Source files

rbac.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL