apiclient

Mar 3, 2021 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Feb 26, 2021 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Feb 20, 2021 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Feb 5, 2021 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jan 21, 2021 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jan 10, 2021 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

+ func NewConnection(address string, timeoutSeconds int) (*grpc.ClientConn, error)

Dec 10, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 9, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

+ type ListRefsRequest struct

+ Repo *v1alpha1.Repository

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*ListRefsRequest) Descriptor() ([]byte, []int)

+ func (*ListRefsRequest) ProtoMessage()

+ func (m *ListRefsRequest) GetRepo() *v1alpha1.Repository

+ func (m *ListRefsRequest) Marshal() (dAtA []byte, err error)

+ func (m *ListRefsRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *ListRefsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

+ func (m *ListRefsRequest) Reset()

+ func (m *ListRefsRequest) Size() (n int)

+ func (m *ListRefsRequest) String() string

+ func (m *ListRefsRequest) Unmarshal(dAtA []byte) error

+ func (m *ListRefsRequest) XXX_DiscardUnknown()

+ func (m *ListRefsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *ListRefsRequest) XXX_Merge(src proto.Message)

+ func (m *ListRefsRequest) XXX_Size() int

+ func (m *ListRefsRequest) XXX_Unmarshal(b []byte) error

+ type Refs struct

+ Branches []string

+ Tags []string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*Refs) Descriptor() ([]byte, []int)

+ func (*Refs) ProtoMessage()

+ func (m *Refs) GetBranches() []string

+ func (m *Refs) GetTags() []string

+ func (m *Refs) Marshal() (dAtA []byte, err error)

+ func (m *Refs) MarshalTo(dAtA []byte) (int, error)

+ func (m *Refs) MarshalToSizedBuffer(dAtA []byte) (int, error)

+ func (m *Refs) Reset()

+ func (m *Refs) Size() (n int)

+ func (m *Refs) String() string

+ func (m *Refs) Unmarshal(dAtA []byte) error

+ func (m *Refs) XXX_DiscardUnknown()

+ func (m *Refs) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *Refs) XXX_Merge(src proto.Message)

+ func (m *Refs) XXX_Size() int

+ func (m *Refs) XXX_Unmarshal(b []byte) error

type RepoServerRevisionMetadataRequest

+ CheckSignature bool

+ func (m *RepoServerRevisionMetadataRequest) GetCheckSignature() bool

type RepoServerServiceClient

+ ListRefs func(ctx context.Context, in *ListRefsRequest, opts ...grpc.CallOption) (*Refs, error)

type RepoServerServiceServer

+ ListRefs func(context.Context, *ListRefsRequest) (*Refs, error)

type UnimplementedRepoServerServiceServer

+ func (*UnimplementedRepoServerServiceServer) ListRefs(ctx context.Context, req *ListRefsRequest) (*Refs, error)

Dec 3, 2020 GO-2022-0304 +29 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Nov 25, 2020 GO-2022-0304 +29 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Mar 3, 2021 GO-2022-0304 +29 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Feb 26, 2021 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Feb 5, 2021 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 10, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Nov 20, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Nov 17, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Oct 15, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 29, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 19, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 15, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 5, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 1, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Aug 27, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Aug 26, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Aug 25, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

type ManifestRequest

+ VerifySignature bool

+ func (m *ManifestRequest) GetVerifySignature() bool

type ManifestResponse

+ VerifyResult string

+ func (m *ManifestResponse) GetVerifyResult() string

Aug 15, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jul 31, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 19, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 16, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 9, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 2, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 16, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 9, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jun 2, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

May 16, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

May 5, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

May 2, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

+ const MaxGRPCMessageSize

Apr 15, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Apr 6, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Apr 2, 2020 GO-2022-0304 +33 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0358: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0882: Observable Discrepancy in Argo in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

type HelmAppSpec

+ FileParameters []*v1alpha1.HelmFileParameter

+ func (m *HelmAppSpec) GetFileParameters() []*v1alpha1.HelmFileParameter

type ManifestRequest

+ ApiVersions []string

+ func (m *ManifestRequest) GetApiVersions() []string

Mar 30, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Mar 26, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Mar 20, 2020 GO-2022-0304 +31 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Apr 15, 2020 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jan 24, 2020 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jan 22, 2020 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Jan 18, 2020 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

+ var ErrUnexpectedEndOfGroupRepository = fmt.Errorf("proto: unexpected end of group")

type AppList

+ func (m *AppList) MarshalToSizedBuffer(dAtA []byte) (int, error)

type DirectoryAppSpec

+ func (m *DirectoryAppSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

type HelmAppSpec

+ func (m *HelmAppSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

type HelmChart

+ func (m *HelmChart) MarshalToSizedBuffer(dAtA []byte) (int, error)

type HelmChartsRequest

+ func (m *HelmChartsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

type HelmChartsResponse

+ func (m *HelmChartsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error)

type KsonnetAppSpec

+ func (m *KsonnetAppSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

type KsonnetEnvironment

+ func (m *KsonnetEnvironment) MarshalToSizedBuffer(dAtA []byte) (int, error)

type KsonnetEnvironmentDestination

+ func (m *KsonnetEnvironmentDestination) MarshalToSizedBuffer(dAtA []byte) (int, error)

type KustomizeAppSpec

+ func (m *KustomizeAppSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

type ListAppsRequest

+ func (m *ListAppsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

type ManifestRequest

+ func (m *ManifestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

type ManifestResponse

+ func (m *ManifestResponse) MarshalToSizedBuffer(dAtA []byte) (int, error)

type RepoAppDetailsResponse

+ func (m *RepoAppDetailsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error)

type RepoServerAppDetailsQuery

+ func (m *RepoServerAppDetailsQuery) MarshalToSizedBuffer(dAtA []byte) (int, error)

type RepoServerRevisionMetadataRequest

+ func (m *RepoServerRevisionMetadataRequest) MarshalToSizedBuffer(dAtA []byte) (int, error)

+ type UnimplementedRepoServerServiceServer struct

+ func (*UnimplementedRepoServerServiceServer) GenerateManifest(ctx context.Context, req *ManifestRequest) (*ManifestResponse, error)

+ func (*UnimplementedRepoServerServiceServer) GetAppDetails(ctx context.Context, req *RepoServerAppDetailsQuery) (*RepoAppDetailsResponse, error)

+ func (*UnimplementedRepoServerServiceServer) GetHelmCharts(ctx context.Context, req *HelmChartsRequest) (*HelmChartsResponse, error)

+ func (*UnimplementedRepoServerServiceServer) GetRevisionMetadata(ctx context.Context, req *RepoServerRevisionMetadataRequest) (*v1alpha1.RevisionMetadata, error)

+ func (*UnimplementedRepoServerServiceServer) ListApps(ctx context.Context, req *ListAppsRequest) (*AppList, error)

Jan 13, 2020 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 10, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 9, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 5, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 5, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 3, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Dec 2, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Nov 13, 2019 GO-2022-0304 +32 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0357: Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Nov 11, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Nov 4, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Oct 29, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Oct 23, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Oct 16, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Oct 29, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Oct 22, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

+ type AppList struct

+ Apps map[string]string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*AppList) Descriptor() ([]byte, []int)

+ func (*AppList) ProtoMessage()

+ func (dst *AppList) XXX_Merge(src proto.Message)

+ func (m *AppList) GetApps() map[string]string

+ func (m *AppList) Marshal() (dAtA []byte, err error)

+ func (m *AppList) MarshalTo(dAtA []byte) (int, error)

+ func (m *AppList) Reset()

+ func (m *AppList) Size() (n int)

+ func (m *AppList) String() string

+ func (m *AppList) Unmarshal(dAtA []byte) error

+ func (m *AppList) XXX_DiscardUnknown()

+ func (m *AppList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *AppList) XXX_Size() int

+ func (m *AppList) XXX_Unmarshal(b []byte) error

type HelmAppSpec

+ Values string

+ func (m *HelmAppSpec) GetValues() string

+ type HelmChart struct

+ Name string

+ Versions []string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*HelmChart) Descriptor() ([]byte, []int)

+ func (*HelmChart) ProtoMessage()

+ func (dst *HelmChart) XXX_Merge(src proto.Message)

+ func (m *HelmChart) GetName() string

+ func (m *HelmChart) GetVersions() []string

+ func (m *HelmChart) Marshal() (dAtA []byte, err error)

+ func (m *HelmChart) MarshalTo(dAtA []byte) (int, error)

+ func (m *HelmChart) Reset()

+ func (m *HelmChart) Size() (n int)

+ func (m *HelmChart) String() string

+ func (m *HelmChart) Unmarshal(dAtA []byte) error

+ func (m *HelmChart) XXX_DiscardUnknown()

+ func (m *HelmChart) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *HelmChart) XXX_Size() int

+ func (m *HelmChart) XXX_Unmarshal(b []byte) error

+ type HelmChartsRequest struct

+ Repo *v1alpha1.Repository

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*HelmChartsRequest) Descriptor() ([]byte, []int)

+ func (*HelmChartsRequest) ProtoMessage()

+ func (dst *HelmChartsRequest) XXX_Merge(src proto.Message)

+ func (m *HelmChartsRequest) GetRepo() *v1alpha1.Repository

+ func (m *HelmChartsRequest) Marshal() (dAtA []byte, err error)

+ func (m *HelmChartsRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *HelmChartsRequest) Reset()

+ func (m *HelmChartsRequest) Size() (n int)

+ func (m *HelmChartsRequest) String() string

+ func (m *HelmChartsRequest) Unmarshal(dAtA []byte) error

+ func (m *HelmChartsRequest) XXX_DiscardUnknown()

+ func (m *HelmChartsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *HelmChartsRequest) XXX_Size() int

+ func (m *HelmChartsRequest) XXX_Unmarshal(b []byte) error

+ type HelmChartsResponse struct

+ Items []*HelmChart

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*HelmChartsResponse) Descriptor() ([]byte, []int)

+ func (*HelmChartsResponse) ProtoMessage()

+ func (dst *HelmChartsResponse) XXX_Merge(src proto.Message)

+ func (m *HelmChartsResponse) GetItems() []*HelmChart

+ func (m *HelmChartsResponse) Marshal() (dAtA []byte, err error)

+ func (m *HelmChartsResponse) MarshalTo(dAtA []byte) (int, error)

+ func (m *HelmChartsResponse) Reset()

+ func (m *HelmChartsResponse) Size() (n int)

+ func (m *HelmChartsResponse) String() string

+ func (m *HelmChartsResponse) Unmarshal(dAtA []byte) error

+ func (m *HelmChartsResponse) XXX_DiscardUnknown()

+ func (m *HelmChartsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *HelmChartsResponse) XXX_Size() int

+ func (m *HelmChartsResponse) XXX_Unmarshal(b []byte) error

+ type ListAppsRequest struct

+ Repo *v1alpha1.Repository

+ Revision string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*ListAppsRequest) Descriptor() ([]byte, []int)

+ func (*ListAppsRequest) ProtoMessage()

+ func (dst *ListAppsRequest) XXX_Merge(src proto.Message)

+ func (m *ListAppsRequest) GetRepo() *v1alpha1.Repository

+ func (m *ListAppsRequest) GetRevision() string

+ func (m *ListAppsRequest) Marshal() (dAtA []byte, err error)

+ func (m *ListAppsRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *ListAppsRequest) Reset()

+ func (m *ListAppsRequest) Size() (n int)

+ func (m *ListAppsRequest) String() string

+ func (m *ListAppsRequest) Unmarshal(dAtA []byte) error

+ func (m *ListAppsRequest) XXX_DiscardUnknown()

+ func (m *ListAppsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *ListAppsRequest) XXX_Size() int

+ func (m *ListAppsRequest) XXX_Unmarshal(b []byte) error

type ManifestRequest

+ KubeVersion string

+ Repos []*v1alpha1.Repository

+ func (m *ManifestRequest) GetKubeVersion() string

+ func (m *ManifestRequest) GetRepos() []*v1alpha1.Repository

type RepoServerAppDetailsQuery

+ Repos []*v1alpha1.Repository

+ Source *v1alpha1.ApplicationSource

+ func (m *RepoServerAppDetailsQuery) GetRepos() []*v1alpha1.Repository

+ func (m *RepoServerAppDetailsQuery) GetSource() *v1alpha1.ApplicationSource

type RepoServerServiceClient

+ GetHelmCharts func(ctx context.Context, in *HelmChartsRequest, opts ...grpc.CallOption) (*HelmChartsResponse, error)

+ ListApps func(ctx context.Context, in *ListAppsRequest, opts ...grpc.CallOption) (*AppList, error)

type RepoServerServiceServer

+ GetHelmCharts func(context.Context, *HelmChartsRequest) (*HelmChartsResponse, error)

+ ListApps func(context.Context, *ListAppsRequest) (*AppList, error)

Oct 1, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 24, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 12, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Sep 4, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Changes in this version

+ var ErrIntOverflowRepository = fmt.Errorf("proto: integer overflow")

+ var ErrInvalidLengthRepository = fmt.Errorf("proto: negative length found during unmarshaling")

+ func RegisterRepoServerServiceServer(s *grpc.Server, srv RepoServerServiceServer)

+ type Clientset interface

+ NewRepoServerClient func() (util.Closer, RepoServerServiceClient, error)

+ func NewRepoServerClientset(address string, timeoutSeconds int) Clientset

+ type DirectoryAppSpec struct

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*DirectoryAppSpec) Descriptor() ([]byte, []int)

+ func (*DirectoryAppSpec) ProtoMessage()

+ func (dst *DirectoryAppSpec) XXX_Merge(src proto.Message)

+ func (m *DirectoryAppSpec) Marshal() (dAtA []byte, err error)

+ func (m *DirectoryAppSpec) MarshalTo(dAtA []byte) (int, error)

+ func (m *DirectoryAppSpec) Reset()

+ func (m *DirectoryAppSpec) Size() (n int)

+ func (m *DirectoryAppSpec) String() string

+ func (m *DirectoryAppSpec) Unmarshal(dAtA []byte) error

+ func (m *DirectoryAppSpec) XXX_DiscardUnknown()

+ func (m *DirectoryAppSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *DirectoryAppSpec) XXX_Size() int

+ func (m *DirectoryAppSpec) XXX_Unmarshal(b []byte) error

+ type FileList struct

+ Items []string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*FileList) Descriptor() ([]byte, []int)

+ func (*FileList) ProtoMessage()

+ func (dst *FileList) XXX_Merge(src proto.Message)

+ func (m *FileList) GetItems() []string

+ func (m *FileList) Marshal() (dAtA []byte, err error)

+ func (m *FileList) MarshalTo(dAtA []byte) (int, error)

+ func (m *FileList) Reset()

+ func (m *FileList) Size() (n int)

+ func (m *FileList) String() string

+ func (m *FileList) Unmarshal(dAtA []byte) error

+ func (m *FileList) XXX_DiscardUnknown()

+ func (m *FileList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *FileList) XXX_Size() int

+ func (m *FileList) XXX_Unmarshal(b []byte) error

+ type GetFileRequest struct

+ Path string

+ Repo *v1alpha1.Repository

+ Revision string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*GetFileRequest) Descriptor() ([]byte, []int)

+ func (*GetFileRequest) ProtoMessage()

+ func (dst *GetFileRequest) XXX_Merge(src proto.Message)

+ func (m *GetFileRequest) GetPath() string

+ func (m *GetFileRequest) GetRepo() *v1alpha1.Repository

+ func (m *GetFileRequest) GetRevision() string

+ func (m *GetFileRequest) Marshal() (dAtA []byte, err error)

+ func (m *GetFileRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *GetFileRequest) Reset()

+ func (m *GetFileRequest) Size() (n int)

+ func (m *GetFileRequest) String() string

+ func (m *GetFileRequest) Unmarshal(dAtA []byte) error

+ func (m *GetFileRequest) XXX_DiscardUnknown()

+ func (m *GetFileRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *GetFileRequest) XXX_Size() int

+ func (m *GetFileRequest) XXX_Unmarshal(b []byte) error

+ type GetFileResponse struct

+ Data []byte

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*GetFileResponse) Descriptor() ([]byte, []int)

+ func (*GetFileResponse) ProtoMessage()

+ func (dst *GetFileResponse) XXX_Merge(src proto.Message)

+ func (m *GetFileResponse) GetData() []byte

+ func (m *GetFileResponse) Marshal() (dAtA []byte, err error)

+ func (m *GetFileResponse) MarshalTo(dAtA []byte) (int, error)

+ func (m *GetFileResponse) Reset()

+ func (m *GetFileResponse) Size() (n int)

+ func (m *GetFileResponse) String() string

+ func (m *GetFileResponse) Unmarshal(dAtA []byte) error

+ func (m *GetFileResponse) XXX_DiscardUnknown()

+ func (m *GetFileResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *GetFileResponse) XXX_Size() int

+ func (m *GetFileResponse) XXX_Unmarshal(b []byte) error

+ type HelmAppDetailsQuery struct

+ ValueFiles []string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*HelmAppDetailsQuery) Descriptor() ([]byte, []int)

+ func (*HelmAppDetailsQuery) ProtoMessage()

+ func (dst *HelmAppDetailsQuery) XXX_Merge(src proto.Message)

+ func (m *HelmAppDetailsQuery) GetValueFiles() []string

+ func (m *HelmAppDetailsQuery) Marshal() (dAtA []byte, err error)

+ func (m *HelmAppDetailsQuery) MarshalTo(dAtA []byte) (int, error)

+ func (m *HelmAppDetailsQuery) Reset()

+ func (m *HelmAppDetailsQuery) Size() (n int)

+ func (m *HelmAppDetailsQuery) String() string

+ func (m *HelmAppDetailsQuery) Unmarshal(dAtA []byte) error

+ func (m *HelmAppDetailsQuery) XXX_DiscardUnknown()

+ func (m *HelmAppDetailsQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *HelmAppDetailsQuery) XXX_Size() int

+ func (m *HelmAppDetailsQuery) XXX_Unmarshal(b []byte) error

+ type HelmAppSpec struct

+ Name string

+ Parameters []*v1alpha1.HelmParameter

+ Path string

+ ValueFiles []string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*HelmAppSpec) Descriptor() ([]byte, []int)

+ func (*HelmAppSpec) ProtoMessage()

+ func (dst *HelmAppSpec) XXX_Merge(src proto.Message)

+ func (m *HelmAppSpec) GetName() string

+ func (m *HelmAppSpec) GetParameters() []*v1alpha1.HelmParameter

+ func (m *HelmAppSpec) GetPath() string

+ func (m *HelmAppSpec) GetValueFiles() []string

+ func (m *HelmAppSpec) Marshal() (dAtA []byte, err error)

+ func (m *HelmAppSpec) MarshalTo(dAtA []byte) (int, error)

+ func (m *HelmAppSpec) Reset()

+ func (m *HelmAppSpec) Size() (n int)

+ func (m *HelmAppSpec) String() string

+ func (m *HelmAppSpec) Unmarshal(dAtA []byte) error

+ func (m *HelmAppSpec) XXX_DiscardUnknown()

+ func (m *HelmAppSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *HelmAppSpec) XXX_Size() int

+ func (m *HelmAppSpec) XXX_Unmarshal(b []byte) error

+ type KsonnetAppDetailsQuery struct

+ Environment string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*KsonnetAppDetailsQuery) Descriptor() ([]byte, []int)

+ func (*KsonnetAppDetailsQuery) ProtoMessage()

+ func (dst *KsonnetAppDetailsQuery) XXX_Merge(src proto.Message)

+ func (m *KsonnetAppDetailsQuery) GetEnvironment() string

+ func (m *KsonnetAppDetailsQuery) Marshal() (dAtA []byte, err error)

+ func (m *KsonnetAppDetailsQuery) MarshalTo(dAtA []byte) (int, error)

+ func (m *KsonnetAppDetailsQuery) Reset()

+ func (m *KsonnetAppDetailsQuery) Size() (n int)

+ func (m *KsonnetAppDetailsQuery) String() string

+ func (m *KsonnetAppDetailsQuery) Unmarshal(dAtA []byte) error

+ func (m *KsonnetAppDetailsQuery) XXX_DiscardUnknown()

+ func (m *KsonnetAppDetailsQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *KsonnetAppDetailsQuery) XXX_Size() int

+ func (m *KsonnetAppDetailsQuery) XXX_Unmarshal(b []byte) error

+ type KsonnetAppSpec struct

+ Environments map[string]*KsonnetEnvironment

+ Name string

+ Parameters []*v1alpha1.KsonnetParameter

+ Path string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*KsonnetAppSpec) Descriptor() ([]byte, []int)

+ func (*KsonnetAppSpec) ProtoMessage()

+ func (dst *KsonnetAppSpec) XXX_Merge(src proto.Message)

+ func (m *KsonnetAppSpec) GetEnvironments() map[string]*KsonnetEnvironment

+ func (m *KsonnetAppSpec) GetName() string

+ func (m *KsonnetAppSpec) GetParameters() []*v1alpha1.KsonnetParameter

+ func (m *KsonnetAppSpec) GetPath() string

+ func (m *KsonnetAppSpec) Marshal() (dAtA []byte, err error)

+ func (m *KsonnetAppSpec) MarshalTo(dAtA []byte) (int, error)

+ func (m *KsonnetAppSpec) Reset()

+ func (m *KsonnetAppSpec) Size() (n int)

+ func (m *KsonnetAppSpec) String() string

+ func (m *KsonnetAppSpec) Unmarshal(dAtA []byte) error

+ func (m *KsonnetAppSpec) XXX_DiscardUnknown()

+ func (m *KsonnetAppSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *KsonnetAppSpec) XXX_Size() int

+ func (m *KsonnetAppSpec) XXX_Unmarshal(b []byte) error

+ type KsonnetEnvironment struct

+ Destination *KsonnetEnvironmentDestination

+ K8SVersion string

+ Name string

+ Path string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*KsonnetEnvironment) Descriptor() ([]byte, []int)

+ func (*KsonnetEnvironment) ProtoMessage()

+ func (dst *KsonnetEnvironment) XXX_Merge(src proto.Message)

+ func (m *KsonnetEnvironment) GetDestination() *KsonnetEnvironmentDestination

+ func (m *KsonnetEnvironment) GetK8SVersion() string

+ func (m *KsonnetEnvironment) GetName() string

+ func (m *KsonnetEnvironment) GetPath() string

+ func (m *KsonnetEnvironment) Marshal() (dAtA []byte, err error)

+ func (m *KsonnetEnvironment) MarshalTo(dAtA []byte) (int, error)

+ func (m *KsonnetEnvironment) Reset()

+ func (m *KsonnetEnvironment) Size() (n int)

+ func (m *KsonnetEnvironment) String() string

+ func (m *KsonnetEnvironment) Unmarshal(dAtA []byte) error

+ func (m *KsonnetEnvironment) XXX_DiscardUnknown()

+ func (m *KsonnetEnvironment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *KsonnetEnvironment) XXX_Size() int

+ func (m *KsonnetEnvironment) XXX_Unmarshal(b []byte) error

+ type KsonnetEnvironmentDestination struct

+ Namespace string

+ Server string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*KsonnetEnvironmentDestination) Descriptor() ([]byte, []int)

+ func (*KsonnetEnvironmentDestination) ProtoMessage()

+ func (dst *KsonnetEnvironmentDestination) XXX_Merge(src proto.Message)

+ func (m *KsonnetEnvironmentDestination) GetNamespace() string

+ func (m *KsonnetEnvironmentDestination) GetServer() string

+ func (m *KsonnetEnvironmentDestination) Marshal() (dAtA []byte, err error)

+ func (m *KsonnetEnvironmentDestination) MarshalTo(dAtA []byte) (int, error)

+ func (m *KsonnetEnvironmentDestination) Reset()

+ func (m *KsonnetEnvironmentDestination) Size() (n int)

+ func (m *KsonnetEnvironmentDestination) String() string

+ func (m *KsonnetEnvironmentDestination) Unmarshal(dAtA []byte) error

+ func (m *KsonnetEnvironmentDestination) XXX_DiscardUnknown()

+ func (m *KsonnetEnvironmentDestination) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *KsonnetEnvironmentDestination) XXX_Size() int

+ func (m *KsonnetEnvironmentDestination) XXX_Unmarshal(b []byte) error

+ type KustomizeAppSpec struct

+ Images []string

+ Path string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*KustomizeAppSpec) Descriptor() ([]byte, []int)

+ func (*KustomizeAppSpec) ProtoMessage()

+ func (dst *KustomizeAppSpec) XXX_Merge(src proto.Message)

+ func (m *KustomizeAppSpec) GetImages() []string

+ func (m *KustomizeAppSpec) GetPath() string

+ func (m *KustomizeAppSpec) Marshal() (dAtA []byte, err error)

+ func (m *KustomizeAppSpec) MarshalTo(dAtA []byte) (int, error)

+ func (m *KustomizeAppSpec) Reset()

+ func (m *KustomizeAppSpec) Size() (n int)

+ func (m *KustomizeAppSpec) String() string

+ func (m *KustomizeAppSpec) Unmarshal(dAtA []byte) error

+ func (m *KustomizeAppSpec) XXX_DiscardUnknown()

+ func (m *KustomizeAppSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *KustomizeAppSpec) XXX_Size() int

+ func (m *KustomizeAppSpec) XXX_Unmarshal(b []byte) error

+ type ListDirRequest struct

+ Path string

+ Repo *v1alpha1.Repository

+ Revision string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*ListDirRequest) Descriptor() ([]byte, []int)

+ func (*ListDirRequest) ProtoMessage()

+ func (dst *ListDirRequest) XXX_Merge(src proto.Message)

+ func (m *ListDirRequest) GetPath() string

+ func (m *ListDirRequest) GetRepo() *v1alpha1.Repository

+ func (m *ListDirRequest) GetRevision() string

+ func (m *ListDirRequest) Marshal() (dAtA []byte, err error)

+ func (m *ListDirRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *ListDirRequest) Reset()

+ func (m *ListDirRequest) Size() (n int)

+ func (m *ListDirRequest) String() string

+ func (m *ListDirRequest) Unmarshal(dAtA []byte) error

+ func (m *ListDirRequest) XXX_DiscardUnknown()

+ func (m *ListDirRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *ListDirRequest) XXX_Size() int

+ func (m *ListDirRequest) XXX_Unmarshal(b []byte) error

+ type ManifestRequest struct

+ AppLabelKey string

+ AppLabelValue string

+ ApplicationSource *v1alpha1.ApplicationSource

+ HelmRepos []*v1alpha1.HelmRepository

+ KustomizeOptions *v1alpha1.KustomizeOptions

+ Namespace string

+ NoCache bool

+ Plugins []*v1alpha1.ConfigManagementPlugin

+ Repo *v1alpha1.Repository

+ Revision string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*ManifestRequest) Descriptor() ([]byte, []int)

+ func (*ManifestRequest) ProtoMessage()

+ func (dst *ManifestRequest) XXX_Merge(src proto.Message)

+ func (m *ManifestRequest) GetAppLabelKey() string

+ func (m *ManifestRequest) GetAppLabelValue() string

+ func (m *ManifestRequest) GetApplicationSource() *v1alpha1.ApplicationSource

+ func (m *ManifestRequest) GetHelmRepos() []*v1alpha1.HelmRepository

+ func (m *ManifestRequest) GetKustomizeOptions() *v1alpha1.KustomizeOptions

+ func (m *ManifestRequest) GetNamespace() string

+ func (m *ManifestRequest) GetNoCache() bool

+ func (m *ManifestRequest) GetPlugins() []*v1alpha1.ConfigManagementPlugin

+ func (m *ManifestRequest) GetRepo() *v1alpha1.Repository

+ func (m *ManifestRequest) GetRevision() string

+ func (m *ManifestRequest) Marshal() (dAtA []byte, err error)

+ func (m *ManifestRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *ManifestRequest) Reset()

+ func (m *ManifestRequest) Size() (n int)

+ func (m *ManifestRequest) String() string

+ func (m *ManifestRequest) Unmarshal(dAtA []byte) error

+ func (m *ManifestRequest) XXX_DiscardUnknown()

+ func (m *ManifestRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *ManifestRequest) XXX_Size() int

+ func (m *ManifestRequest) XXX_Unmarshal(b []byte) error

+ type ManifestResponse struct

+ Manifests []string

+ Namespace string

+ Revision string

+ Server string

+ SourceType string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*ManifestResponse) Descriptor() ([]byte, []int)

+ func (*ManifestResponse) ProtoMessage()

+ func (dst *ManifestResponse) XXX_Merge(src proto.Message)

+ func (m *ManifestResponse) GetManifests() []string

+ func (m *ManifestResponse) GetNamespace() string

+ func (m *ManifestResponse) GetRevision() string

+ func (m *ManifestResponse) GetServer() string

+ func (m *ManifestResponse) GetSourceType() string

+ func (m *ManifestResponse) Marshal() (dAtA []byte, err error)

+ func (m *ManifestResponse) MarshalTo(dAtA []byte) (int, error)

+ func (m *ManifestResponse) Reset()

+ func (m *ManifestResponse) Size() (n int)

+ func (m *ManifestResponse) String() string

+ func (m *ManifestResponse) Unmarshal(dAtA []byte) error

+ func (m *ManifestResponse) XXX_DiscardUnknown()

+ func (m *ManifestResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *ManifestResponse) XXX_Size() int

+ func (m *ManifestResponse) XXX_Unmarshal(b []byte) error

+ type RepoAppDetailsResponse struct

+ Directory *DirectoryAppSpec

+ Helm *HelmAppSpec

+ Ksonnet *KsonnetAppSpec

+ Kustomize *KustomizeAppSpec

+ Type string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*RepoAppDetailsResponse) Descriptor() ([]byte, []int)

+ func (*RepoAppDetailsResponse) ProtoMessage()

+ func (dst *RepoAppDetailsResponse) XXX_Merge(src proto.Message)

+ func (m *RepoAppDetailsResponse) GetDirectory() *DirectoryAppSpec

+ func (m *RepoAppDetailsResponse) GetHelm() *HelmAppSpec

+ func (m *RepoAppDetailsResponse) GetKsonnet() *KsonnetAppSpec

+ func (m *RepoAppDetailsResponse) GetKustomize() *KustomizeAppSpec

+ func (m *RepoAppDetailsResponse) GetType() string

+ func (m *RepoAppDetailsResponse) Marshal() (dAtA []byte, err error)

+ func (m *RepoAppDetailsResponse) MarshalTo(dAtA []byte) (int, error)

+ func (m *RepoAppDetailsResponse) Reset()

+ func (m *RepoAppDetailsResponse) Size() (n int)

+ func (m *RepoAppDetailsResponse) String() string

+ func (m *RepoAppDetailsResponse) Unmarshal(dAtA []byte) error

+ func (m *RepoAppDetailsResponse) XXX_DiscardUnknown()

+ func (m *RepoAppDetailsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *RepoAppDetailsResponse) XXX_Size() int

+ func (m *RepoAppDetailsResponse) XXX_Unmarshal(b []byte) error

+ type RepoServerAppDetailsQuery struct

+ Helm *HelmAppDetailsQuery

+ HelmRepos []*v1alpha1.HelmRepository

+ Ksonnet *KsonnetAppDetailsQuery

+ KustomizeOptions *v1alpha1.KustomizeOptions

+ Path string

+ Plugins []*v1alpha1.ConfigManagementPlugin

+ Repo *v1alpha1.Repository

+ Revision string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*RepoServerAppDetailsQuery) Descriptor() ([]byte, []int)

+ func (*RepoServerAppDetailsQuery) ProtoMessage()

+ func (dst *RepoServerAppDetailsQuery) XXX_Merge(src proto.Message)

+ func (m *RepoServerAppDetailsQuery) GetHelm() *HelmAppDetailsQuery

+ func (m *RepoServerAppDetailsQuery) GetHelmRepos() []*v1alpha1.HelmRepository

+ func (m *RepoServerAppDetailsQuery) GetKsonnet() *KsonnetAppDetailsQuery

+ func (m *RepoServerAppDetailsQuery) GetKustomizeOptions() *v1alpha1.KustomizeOptions

+ func (m *RepoServerAppDetailsQuery) GetPath() string

+ func (m *RepoServerAppDetailsQuery) GetPlugins() []*v1alpha1.ConfigManagementPlugin

+ func (m *RepoServerAppDetailsQuery) GetRepo() *v1alpha1.Repository

+ func (m *RepoServerAppDetailsQuery) GetRevision() string

+ func (m *RepoServerAppDetailsQuery) Marshal() (dAtA []byte, err error)

+ func (m *RepoServerAppDetailsQuery) MarshalTo(dAtA []byte) (int, error)

+ func (m *RepoServerAppDetailsQuery) Reset()

+ func (m *RepoServerAppDetailsQuery) Size() (n int)

+ func (m *RepoServerAppDetailsQuery) String() string

+ func (m *RepoServerAppDetailsQuery) Unmarshal(dAtA []byte) error

+ func (m *RepoServerAppDetailsQuery) XXX_DiscardUnknown()

+ func (m *RepoServerAppDetailsQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *RepoServerAppDetailsQuery) XXX_Size() int

+ func (m *RepoServerAppDetailsQuery) XXX_Unmarshal(b []byte) error

+ type RepoServerRevisionMetadataRequest struct

+ Repo *v1alpha1.Repository

+ Revision string

+ XXX_NoUnkeyedLiteral struct{}

+ XXX_sizecache int32

+ XXX_unrecognized []byte

+ func (*RepoServerRevisionMetadataRequest) Descriptor() ([]byte, []int)

+ func (*RepoServerRevisionMetadataRequest) ProtoMessage()

+ func (dst *RepoServerRevisionMetadataRequest) XXX_Merge(src proto.Message)

+ func (m *RepoServerRevisionMetadataRequest) GetRepo() *v1alpha1.Repository

+ func (m *RepoServerRevisionMetadataRequest) GetRevision() string

+ func (m *RepoServerRevisionMetadataRequest) Marshal() (dAtA []byte, err error)

+ func (m *RepoServerRevisionMetadataRequest) MarshalTo(dAtA []byte) (int, error)

+ func (m *RepoServerRevisionMetadataRequest) Reset()

+ func (m *RepoServerRevisionMetadataRequest) Size() (n int)

+ func (m *RepoServerRevisionMetadataRequest) String() string

+ func (m *RepoServerRevisionMetadataRequest) Unmarshal(dAtA []byte) error

+ func (m *RepoServerRevisionMetadataRequest) XXX_DiscardUnknown()

+ func (m *RepoServerRevisionMetadataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

+ func (m *RepoServerRevisionMetadataRequest) XXX_Size() int

+ func (m *RepoServerRevisionMetadataRequest) XXX_Unmarshal(b []byte) error

+ type RepoServerServiceClient interface

+ GenerateManifest func(ctx context.Context, in *ManifestRequest, opts ...grpc.CallOption) (*ManifestResponse, error)

+ GetAppDetails func(ctx context.Context, in *RepoServerAppDetailsQuery, opts ...grpc.CallOption) (*RepoAppDetailsResponse, error)

+ GetFile func(ctx context.Context, in *GetFileRequest, opts ...grpc.CallOption) (*GetFileResponse, error)

+ GetRevisionMetadata func(ctx context.Context, in *RepoServerRevisionMetadataRequest, ...) (*v1alpha1.RevisionMetadata, error)

+ ListDir func(ctx context.Context, in *ListDirRequest, opts ...grpc.CallOption) (*FileList, error)

+ func NewRepoServerServiceClient(cc *grpc.ClientConn) RepoServerServiceClient

+ type RepoServerServiceServer interface

+ GenerateManifest func(context.Context, *ManifestRequest) (*ManifestResponse, error)

+ GetAppDetails func(context.Context, *RepoServerAppDetailsQuery) (*RepoAppDetailsResponse, error)

+ GetFile func(context.Context, *GetFileRequest) (*GetFileResponse, error)

+ GetRevisionMetadata func(context.Context, *RepoServerRevisionMetadataRequest) (*v1alpha1.RevisionMetadata, error)

+ ListDir func(context.Context, *ListDirRequest) (*FileList, error)

Aug 21, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd

Aug 6, 2019 GO-2022-0304 +30 more

  GO-2022-0304: Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0359: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0387: Helm OCI credentials leaked into Argo CD logs in github.com/argoproj/argo-cd

  GO-2022-0453: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2022-0454: Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd

  GO-2022-0455: Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

  GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

  GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

  GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

  GO-2022-0516: Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd

  GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

  GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

  GO-2022-0869: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd

  GO-2022-0892: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd

  GO-2023-1512: Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

  GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

  GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

  GO-2023-1952: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd

  GO-2023-2018: Argo CD web terminal session doesn't expire in github.com/argoproj/argo-cd

  GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

  GO-2023-2050: Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd

  GO-2023-2085: Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

  GO-2024-2643: Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

  GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

  GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

  GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

  GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

  GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

  GO-2024-2902: Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd

  GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

  GO-2024-3006: The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd