cve-2023-40029
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:54.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" }, { "name": "https://github.com/argoproj/argo-cd/pull/7139", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/pull/7139" }, { "name": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40029", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T18:21:03.707832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T18:22:28.890Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "argo-cd", "vendor": "argoproj", "versions": [ { "status": "affected", "version": "\u003e= 2.2.0, \u003c 2.6.15" }, { "status": "affected", "version": "\u003e= 2.7.0, \u003c 2.7.14" }, { "status": "affected", "version": "\u003e= 2.8.0, \u003c 2.8.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. 
Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-07T22:11:56.361Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" }, { "name": "https://github.com/argoproj/argo-cd/pull/7139", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/pull/7139" }, { "name": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4", "tags": [ "x_refsource_MISC" ], 
"url": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4" } ], "source": { "advisory": "GHSA-fwr2-64vr-xv9m", "discovery": "UNKNOWN" }, "title": "Cluster secret might leak in cluster details page in Argo CD" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40029", "datePublished": "2023-09-07T22:11:56.361Z", "dateReserved": "2023-08-08T13:46:25.244Z", "dateUpdated": "2024-09-26T18:22:28.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-40029\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-07T23:15:09.763\",\"lastModified\":\"2024-08-07T15:43:51.540\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Note: annotation for existing secrets will require manual removal.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Argo CD es una implementaci\u00f3n continua declarativa para Kubernetes. Los secretos de Argo CD Cluster se pueden administrar de forma declarativa utilizando Argo CD / kubectl apply. Como resultado, el secret body completo se almacena en la anotaci\u00f3n `kubectl.kubernetes.io/last-applied-configuration`. La solicitud de extracci\u00f3n #7139 introdujo la capacidad de administrar etiquetas y anotaciones del cl\u00faster. Dado que los cl\u00fasteres se almacenan como secretos, tambi\u00e9n expone la anotaci\u00f3n `kubectl.kubernetes.io/last-applied-configuration` que incluye el secret body completo. Para ver las anotaciones del cl\u00faster a trav\u00e9s de la API de Argo CD, el usuario debe tener acceso RBAC \\\"clusters, get\\\". **Nota:** En muchos casos, los secretos del cl\u00faster no contienen ninguna informaci\u00f3n realmente secreta. Pero a veces, como en la autenticaci\u00f3n de token de portador, el contenido puede ser muy sensible. El error se corrigi\u00f3 en las versiones 2.8.3, 2.7.14 y 2.6.15. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben actualizar/implementar el secreto del cl\u00faster con el indicador `server-side-apply` que no utiliza ni depende de la anotaci\u00f3n `kubectl.kubernetes.io/last-applied-configuration`. 
Nota: la anotaci\u00f3n de secretos existentes requerir\u00e1 eliminaci\u00f3n manual.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.6.15\",\"matchCriteriaId\":\"32DE94A6-AD4A-49FB-BDAF-F5EC7074B58D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.14\",\"matchCriteriaId\":\"BF1DA08F-D737-493C-B6E1-305260C9DF13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"ve
rsionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"4EBB2230-6C25-4B69-9475-239F566E20B3\"}]}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-cd/pull/7139\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}" } }
ghsa-fwr2-64vr-xv9m
Vulnerability from github
Impact
Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation.
https://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets, it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation, which includes the full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access.
Note: In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive.
Patches
The bug has been patched in the following versions:
- 2.8.3
- 2.7.14
- 2.6.15
Workarounds
Update/deploy the cluster secret with the `server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: the annotation for existing secrets will require manual removal.
For more information
- Open an issue in the Argo CD issue tracker or discussions
- Join us on Slack in channel #argo-cd
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.6.15" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.7.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-40029" ], "database_specific": { "cwe_ids": [ "CWE-200", "CWE-532" ], "github_reviewed": true, "github_reviewed_at": "2023-09-11T12:59:30Z", "nvd_published_at": "2023-09-07T23:15:09Z", "severity": "CRITICAL" }, "details": "### Impact\n\nArgo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. \n\nhttps://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access.\n\n**Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive.\n\n### Patches\n\nThe bug has been patched in the following versions:\n\n* 2.8.3\n* 2.7.14\n* 2.6.15\n\n### Workarounds\n\nUpdate/Deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Note: annotation for existing secrets will require manual removal.\n\n### For more information\n\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd", "id": "GHSA-fwr2-64vr-xv9m", "modified": "2023-09-11T12:59:30Z", "published": "2023-09-11T12:59:30Z", "references": [ { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/pull/7139" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/44e52c4ae76e6da1343bdd54e57a822d93549f28" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/7122b83fc346ec2729227405a2f9c2aa84b0bf80" }, { "type": "PACKAGE", "url": "https://github.com/argoproj/argo-cd" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.6.15" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.7.14" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.8.3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "type": "CVSS_V3" } ], "summary": "Argo CD cluster secret might leak in cluster details page" }
gsd-2023-40029
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-40029", "id": "GSD-2023-40029" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-40029" ], "details": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Note: annotation for existing secrets will require manual removal.\n\n", "id": "GSD-2023-40029", "modified": "2023-12-13T01:20:43.620608Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-40029", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "argo-cd", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 2.2.0, \u003c 2.6.15" }, { "version_affected": "=", "version_value": "\u003e= 2.7.0, \u003c 2.7.14" }, { "version_affected": "=", "version_value": "\u003e= 2.8.0, \u003c 2.8.3" } ] } } ] }, "vendor_name": "argoproj" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Note: annotation for existing secrets will require manual removal.\n\n" } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-200", "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" }, { "name": "https://github.com/argoproj/argo-cd/pull/7139", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/pull/7139" }, { "name": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4" } ] }, "source": { "advisory": "GHSA-fwr2-64vr-xv9m", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2.8.3", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2.7.14", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2.6.15", "versionStartIncluding": "2.2.0", "vulnerable": 
true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-40029" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Note: annotation for existing secrets will require manual removal.\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-532" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/pull/7139", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/argoproj/argo-cd/pull/7139" }, { "name": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4", "refsource": "MISC", "tags": [ "Patch" ], "url": "https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4" }, { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "refsource": "MISC", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 5.8 } }, "lastModifiedDate": "2023-10-27T14:31Z", "publishedDate": "2023-09-07T23:15Z" } } }
rhsa-2023_5030
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* ArgoCD: Secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration (CVE-2023-40029)\n\n* ArgoCD: Denial of Service to Argo CD repo-server (CVE-2023-40584)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5030", "url": "https://access.redhat.com/errata/RHSA-2023:5030" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5030.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-11-06T03:38:43+00:00", "generator": { "date": "2024-11-06T03:38:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:5030", "initial_release_date": "2023-09-08T13:09:59+00:00", "revision_history": [ { "date": "2023-09-08T13:09:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-09-08T13:09:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:38:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.8", "product": { "name": "Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "product_identification_helper": { "purl": 
"pkg:oci/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", 
"product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", 
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "product": { "name": 
"openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": 
"openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", 
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", 
"product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64 as a component of Red Hat OpenShift GitOps 1.8", 
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", 
"relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64" 
}, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": 
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "relates_to_product_reference": 
"8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64 as a component of Red Hat OpenShift GitOps 
1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40029", "discovery_date": "2023-08-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", 
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233203" } ], "notes": [ { "category": "description", "text": "A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Since ArgoCD has included the ability to manage cluster labels and annotations via its API, an attacker can retrieve sensitive authentication information by leveraging this capability, imposing a high impact on data confidentiality and integrity for the targeted ArgoCD cluster. To perform a successful attack, the malicious actor should have `clusters, get` RBAC access granted to its user.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "known_not_affected": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", 
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", 
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40029" }, { "category": "external", "summary": "RHBZ#2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40029", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", 
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5030" }, { "category": "workaround", "details": "Update/deploy the cluster secret with the`server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` \u003chttp://kubectl.kubernetes.io/last-applied-configuration\u003e annotation.\n\nNote: Annotation for existing secrets will require manual removal.", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", 
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", 
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration" }, { "cve": "CVE-2023-40584", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-08-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", 
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", 
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236530" } ], "notes": [ { "category": "description", "text": "A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server. Additionally, the lack of permissions checking for the inner files in the tar.gz file may lead to an attacker creating files that cannot be further deleted from the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: Denial of Service to Argo CD repo-server", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", 
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "known_not_affected": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", 
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40584" }, { "category": "external", "summary": "RHBZ#2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40584" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" } ], "release_date": 
"2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5030" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ArgoCD: Denial of 
Service to Argo CD repo-server" } ] }
rhsa-2023_5029
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.9.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* ArgoCD: secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration (CVE-2023-40029)\n\n* ArgoCD: Denial of Service to Argo CD repo-server (CVE-2023-40584)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5029", "url": "https://access.redhat.com/errata/RHSA-2023:5029" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5029.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-11-06T03:38:33+00:00", "generator": { "date": "2024-11-06T03:38:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:5029", "initial_release_date": "2023-09-08T13:00:32+00:00", "revision_history": [ { "date": "2023-09-08T13:00:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-09-08T13:00:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:38:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.9", "product": { "name": "Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9", 
"product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", 
"product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", 
"product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", 
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "product": { "name": 
"openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "product": { "name": 
"openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": 
"product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "product_identification_helper": { "purl": 
"pkg:oci/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "product_identification_helper": { "purl": 
"pkg:oci/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "product_id": 
"openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "product": { "name": 
"openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": 
"openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le" }, "product_reference": 
"openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" 
}, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", 
"full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": 
"8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x" }, "product_reference": 
"openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", 
"full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": 
"8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x" }, "product_reference": 
"openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40029", "discovery_date": "2023-08-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", 
"8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", 
"8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233203" } ], "notes": [ { "category": "description", "text": "A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. 
Since ArgoCD has included the ability to manage cluster labels and annotations via its API, an attacker can retrieve sensitive authentication information by leveraging this capability, imposing a high impact on data confidentiality and integrity for the targeted ArgoCD cluster. To perform a successful attack, the malicious actor should have `clusters, get` RBAC access granted to its user.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "known_not_affected": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", 
"8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", 
"8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40029" }, { "category": "external", "summary": "RHBZ#2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40029", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-40029" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:00:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5029" }, { "category": "workaround", "details": "Update/deploy the cluster secret with the`server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` \u003chttp://kubectl.kubernetes.io/last-applied-configuration\u003e annotation.\n\nNote: Annotation for existing secrets will require manual removal.", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", 
"8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", 
"8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", 
"8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration" }, { "cve": "CVE-2023-40584", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-08-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", 
"8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", 
"8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236530" } ], "notes": [ { "category": "description", "text": "A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. 
As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server. Additionally, the lack of permissions checking for the inner files in the tar.gz file may lead to an attacker creating files that cannot be further deleted from the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: Denial of Service to Argo CD repo-server", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "known_not_affected": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", 
"8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", 
"8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40584" }, { "category": "external", "summary": "RHBZ#2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40584" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-40584" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:00:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5029" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", 
"8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ArgoCD: Denial of Service to Argo CD repo-server" } ] }
wid-sec-w-2023-2296
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2296 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2296.json" }, { "category": "self", "summary": "WID-SEC-2023-2296 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2296" }, { "category": "external", "summary": "Red Hat OpenShift GitOps release notes", "url": "https://docs.openshift.com/container-platform/4.13/cicd/gitops/gitops-release-notes.html#rhsa-2023-5029-gitops-1-9-2-security-update-advisory_gitops-release-notes" }, { "category": "external", "summary": "Red Hat OpenShift GitOps release notes", "url": 
"https://docs.openshift.com/container-platform/4.13/cicd/gitops/gitops-release-notes.html#gitops-release-notes-1-8-5_gitops-release-notes" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2023-09-10", "url": "https://access.redhat.com/errata/RHSA-2023:5030" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2023-09-10", "url": "https://access.redhat.com/errata/RHSA-2023:5029" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-17T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:43:24.698+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2296", "initial_release_date": "2023-09-10T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-10T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-09-17T22:00:00.000+00:00", "number": "2", "summary": "Pr\u00e4zisierung betroffene Versionen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps \u003c 1.9.2", "product": { "name": "Red Hat OpenShift GitOps \u003c 1.9.2", "product_id": "T029918", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops__1.9.2" } } }, { "category": "product_name", "name": "Red Hat OpenShift GitOps \u003c 1.8.5", "product": { "name": "Red Hat OpenShift GitOps \u003c 1.8.5", "product_id": "T029919", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops__1.8.5" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40584", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Diese ist auf einen Fehler bei der Validierung von tar.gz-Dateien zur\u00fcckzuf\u00fchren. 
Es ist m\u00f6glich, mithilfe einer malizi\u00f6sen Datei einen erh\u00f6hten Ressourcenverbrauch zu verursachen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2023-09-10T22:00:00Z", "title": "CVE-2023-40584" }, { "cve": "CVE-2023-40029", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Diese besteht in der Komponente \"GitOps\" und ist darauf zur\u00fcckzuf\u00fchren, dass Cluster Secrets fehlerhafterweise in \"kubectl.kubernetes.io/last-applied-configuration\" gespeichert werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen." } ], "release_date": "2023-09-10T22:00:00Z", "title": "CVE-2023-40029" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.