Affected by GO-2023-1520 and 13 other vulnerabilities

GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

GO-2025-3720: Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd

GO-2025-3993: Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

GO-2025-3994: Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd

GO-2025-3996: argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd

The highest tagged major version is v3.

dex

package

v2.3.13 Latest Latest Go to latest Published: Jan 18, 2023 License: Apache-2.0 Imports: 13 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateDexConfigYAML(settings *settings.ArgoCDSettings) ([]byte, error)
func NewDexHTTPReverseProxy(serverAddr string, baseHRef string) func(writer http.ResponseWriter, request *http.Request)
type DexRewriteURLRoundTripper
- func NewDexRewriteURLRoundTripper(dexServerAddr string, T http.RoundTripper) DexRewriteURLRoundTripper
- func (s DexRewriteURLRoundTripper) RoundTrip(r *http.Request) (*http.Response, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateDexConfigYAML ¶

func GenerateDexConfigYAML(settings *settings.ArgoCDSettings) ([]byte, error)

func NewDexHTTPReverseProxy ¶

func NewDexHTTPReverseProxy(serverAddr string, baseHRef string) func(writer http.ResponseWriter, request *http.Request)

NewDexHTTPReverseProxy returns a reverse proxy to the Dex server. Dex is assumed to be configured with the external issuer URL muxed to the same path configured in server.go. In other words, if Argo CD API server wants to proxy requests at /api/dex, then the dex config yaml issuer URL should also be /api/dex (e.g. issuer: https://argocd.example.com/api/dex)

Types ¶

type DexRewriteURLRoundTripper ¶

type DexRewriteURLRoundTripper struct {
	DexURL *url.URL
	T      http.RoundTripper
}

DexRewriteURLRoundTripper is an HTTP RoundTripper to rewrite HTTP requests to the specified dex server address. This is used when reverse proxying Dex to avoid the API server from unnecessarily communicating to Argo CD through its externally facing load balancer, which is not always permitted in firewalled/air-gapped networks.

func NewDexRewriteURLRoundTripper ¶

func NewDexRewriteURLRoundTripper(dexServerAddr string, T http.RoundTripper) DexRewriteURLRoundTripper

NewDexRewriteURLRoundTripper creates a new DexRewriteURLRoundTripper

func (DexRewriteURLRoundTripper) RoundTrip ¶

func (s DexRewriteURLRoundTripper) RoundTrip(r *http.Request) (*http.Response, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL