Action not permitted
Modal body text goes here.
cve-2023-40584
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:50.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" }, { "name": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40584", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T13:59:54.034261Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:05:55.634Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "argo-cd", "vendor": "argoproj", "versions": [ { "status": "affected", "version": "\u003e= 2.4.0, \u003c 2.6.15" }, { "status": "affected", "version": "\u003e= 2.7.0, \u003c 2.7.14" }, { "status": "affected", "version": "\u003e= 2.8.0, \u003c 2.8.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system\u0027s functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-07T22:14:58.573Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" }, { "name": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674" } ], "source": { "advisory": "GHSA-g687-f2gx-6wm8", "discovery": "UNKNOWN" }, "title": "Denial of Service to Argo CD repo-server " } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40584", "datePublished": "2023-09-07T22:14:58.573Z", "dateReserved": "2023-08-16T18:24:02.391Z", "dateUpdated": "2024-09-26T14:05:55.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-40584\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-07T23:15:10.240\",\"lastModified\":\"2024-08-07T15:43:51.540\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system\u0027s functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.\"},{\"lang\":\"es\",\"value\":\"Argo CD es una implementaci\u00f3n continua declarativa para Kubernetes. Todas las versiones de ArgoCD a partir de la v2.4 tienen un error por el cual el componente del servidor de repositorio de ArgoCD es vulnerable a un vector de ataque de denegaci\u00f3n de servicio. Espec\u00edficamente, dicho componente extrae un archivo tar.gz controlado por el usuario sin validar el tama\u00f1o de sus archivos internos. Como resultado, un usuario malicioso y con pocos privilegios puede enviar un archivo tar.gz malicioso que aproveche esta vulnerabilidad al servidor de repositorio, da\u00f1ando as\u00ed la funcionalidad y disponibilidad del sistema. Adem\u00e1s, el servidor del repositorio es susceptible a otra vulnerabilidad debido a que no verifica los permisos de los archivos extra\u00eddos antes de intentar eliminarlos. En consecuencia, un atacante puede crear un archivo tar.gz malicioso de manera que impida la eliminaci\u00f3n de sus archivos internos cuando se completa el proceso de generaci\u00f3n del manifiesto. Se lanz\u00f3 un parche para esta vulnerabilidad en las versiones 2.6.15, 2.7.14 y 2.8.3. Se recomienda a los usuarios que actualicen. La \u00fanica forma de resolver completamente el problema es actualizar; sin embargo, los usuarios que no puedan actualizar deben configurar RBAC (Control de Acceso Basado en Roles) y brindar acceso para configurar aplicaciones solo a un n\u00famero limitado de administradores. Estos administradores deben utilizar gr\u00e1ficos Helm confiables y verificados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.6.15\",\"matchCriteriaId\":\"F3DCC701-128D-4059-9E81-702384A48AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.14\",\"matchCriteriaId\":\"BF1DA08F-D737-493C-B6E1-305260C9DF13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"4EBB2230-6C25-4B69-9475-239F566E20B3\"}]}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
ghsa-g687-f2gx-6wm8
Vulnerability from github
Impact
All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed.
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
- v2.6.15
- v2.7.14
- v2.8.3
Workarounds
The only way to completely resolve the issue is to upgrade.
Mitigations
Configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.
For more information
If you have any questions or comments about this advisory: * Open an issue in the Argo CD issue tracker or discussions * Join us on Slack in channel #argo-cd
Credits
This vulnerability was found & reported by GE Vernova – Amit Laish.
The Argo team would like to thank these contributors for their responsible disclosure and constructive communications during the resolve of this issue
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.6.15" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.7.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-40584" ], "database_specific": { "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2023-09-11T12:59:48Z", "nvd_published_at": "2023-09-07T23:15:10Z", "severity": "MODERATE" }, "details": "### Impact\nAll versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system\u0027s functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed.\n\n\n### Patches\nA patch for this vulnerability has been released in the following Argo CD versions:\n\n* v2.6.15\n* v2.7.14\n* v2.8.3\n\n### Workarounds\nThe only way to completely resolve the issue is to upgrade.\n\n#### Mitigations\nConfigure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd\n\n### Credits\nThis vulnerability was found \u0026 reported by GE Vernova \u2013 Amit Laish.\n\nThe Argo team would like to thank these contributors for their responsible disclosure and constructive communications during the resolve of this issue\n", "id": "GHSA-g687-f2gx-6wm8", "modified": "2023-09-11T12:59:48Z", "published": "2023-09-11T12:59:48Z", "references": [ { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/1391ba72149655e4884d357586d3201f15bc92dc" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674" }, { "type": "PACKAGE", "url": "https://github.com/argoproj/argo-cd" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.6.15" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.7.14" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.8.3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Argo CD repo-server Denial of Service vulnerability" }
wid-sec-w-2023-2296
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2296 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2296.json" }, { "category": "self", "summary": "WID-SEC-2023-2296 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2296" }, { "category": "external", "summary": "Red Hat OpenShift GitOps release notes", "url": "https://docs.openshift.com/container-platform/4.13/cicd/gitops/gitops-release-notes.html#rhsa-2023-5029-gitops-1-9-2-security-update-advisory_gitops-release-notes" }, { "category": "external", "summary": "Red Hat OpenShift GitOps release notes", "url": "https://docs.openshift.com/container-platform/4.13/cicd/gitops/gitops-release-notes.html#gitops-release-notes-1-8-5_gitops-release-notes" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2023-09-10", "url": "https://access.redhat.com/errata/RHSA-2023:5030" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2023-09-10", "url": "https://access.redhat.com/errata/RHSA-2023:5029" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-17T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:43:24.698+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2296", "initial_release_date": "2023-09-10T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-10T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-09-17T22:00:00.000+00:00", "number": "2", "summary": "Pr\u00e4zisierung betroffene Versionen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps \u003c 1.9.2", "product": { "name": "Red Hat OpenShift GitOps \u003c 1.9.2", "product_id": "T029918", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops__1.9.2" } } }, { "category": "product_name", "name": "Red Hat OpenShift GitOps \u003c 1.8.5", "product": { "name": "Red Hat OpenShift GitOps \u003c 1.8.5", "product_id": "T029919", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops__1.8.5" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40584", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Diese ist auf einen Fehler bei der Validierung von tar.gz-Dateien zur\u00fcckzuf\u00fchren. Es ist m\u00f6glich, mithilfe einer malizi\u00f6sen Datei einen erh\u00f6hten Ressourcenverbrauch zu verursachen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2023-09-10T22:00:00Z", "title": "CVE-2023-40584" }, { "cve": "CVE-2023-40029", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Diese besteht in der Komponente \"GitOps\" und ist darauf zur\u00fcckzuf\u00fchren, dass Cluster Secrets fehlerhafterweise in \"kubectl.kubernetes.io/last-applied-configuration\" gespeichert werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen." } ], "release_date": "2023-09-10T22:00:00Z", "title": "CVE-2023-40029" } ] }
rhsa-2023_5029
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.9.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* ArgoCD: secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration (CVE-2023-40029)\n\n* ArgoCD: Denial of Service to Argo CD repo-server (CVE-2023-40584)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5029", "url": "https://access.redhat.com/errata/RHSA-2023:5029" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5029.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-11-06T03:38:33+00:00", "generator": { "date": "2024-11-06T03:38:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:5029", "initial_release_date": "2023-09-08T13:00:32+00:00", "revision_history": [ { "date": "2023-09-08T13:00:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-09-08T13:00:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:38:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.9", "product": { "name": "Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.9.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.9.2-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "relates_to_product_reference": "8Base-GitOps-1.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64 as a component of Red Hat OpenShift GitOps 1.9", "product_id": "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64", "relates_to_product_reference": "8Base-GitOps-1.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40029", "discovery_date": "2023-08-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233203" } ], "notes": [ { "category": "description", "text": "A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via its API, an attacker can retrieve sensitive authentication information by leveraging this capability, imposing a high impact on data confidentiality and integrity for the targeted ArgoCD cluster. To perform a successful attack, the malicious actor should have `clusters, get` RBAC access granted to its user.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "known_not_affected": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40029" }, { "category": "external", "summary": "RHBZ#2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40029", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:00:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5029" }, { "category": "workaround", "details": "Update/deploy the cluster secret with the`server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` \u003chttp://kubectl.kubernetes.io/last-applied-configuration\u003e annotation.\n\nNote: Annotation for existing secrets will require manual removal.", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration" }, { "cve": "CVE-2023-40584", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-08-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236530" } ], "notes": [ { "category": "description", "text": "A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server. Additionally, the lack of permissions checking for the inner files in the tar.gz file may lead to an attacker creating files that cannot be further deleted from the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: Denial of Service to Argo CD repo-server", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "known_not_affected": [ "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:5c2dda1779ea4cb1d038dfc66d8479dfe950ac431fb4b34491b49aaa9e932727_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:7048e08a52ebcbf6ee3e2c70c6b12b92a044899e976a98ccf398931c01a48333_amd64", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:747f8e0c69886810a16418f88d4b6796f50566ac02680b4f3d9136c03b38b41f_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argo-rollouts-rhel8@sha256:d29dcb4565dfa3750254ac943059452c7f9e8f6c6ff7ca1ea19ac8e51bd10b1b_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:599bb3b2d0cce5913aae5415805a721f2ab4f3597b7cda64e1c7ace211f72dac_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:6c0e00705e55f098a6927b93af39bc9e645eb989b58957eab6b0c6560c3f9952_arm64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:7a0128152d1f40c8a9b908ca40518cbee671755b0749eb602bfaec51223ac4d3_amd64", "8Base-GitOps-1.9:openshift-gitops-1/console-plugin-rhel8@sha256:9ca8dacee46cb72f5ae2936ee737875c35f3feb4e405a4fac4513038867496ae_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:5c9950c9bf0fa1ca260d57eac882ad6123d45b305aafe5bc6d8bef15f2ef2eb9_s390x", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c413aa3194057340397bf9800d8460f5907f744e992cd2c77a5749e1afd76b79_amd64", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:c86a4edc82ab73512e10304f8d4bf9339992e8ce253afdb8fffe476cb192ca3a_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/dex-rhel8@sha256:ea441e824727aaaf3603d111bb8041a6062832ba99f341eba6af46f206e14f21_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-operator-bundle@sha256:2201eec03ba3e0b01a5e2352d9a158c8d4e10063b699c1239c7a9eedc717dfa8_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:5c4fbf250c9af004dbc57b71a208635798f7c95e0a099d7560c0efd95d007c0e_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:8704816375bd42dc5d9dc442694e511cb7307fce42090c5a335a320951f65f92_arm64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ac5234661969b0d0ec93b1d029a9b9d3e7f6f9d89ecf0334db98f1a2b251f2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8-operator@sha256:ef894220b2c60a8077e434cd2561dbab365814139c71317c0be6585a30856da8_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:71106ba3b6d72314a7a0d49a2c74dd4fdb30f126f995f6d1254d28a868a16149_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:97b6649067c47e120f8b38bec0c34904d941d408d12fda8350a09650fbb229a2_amd64", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:b57adda5e21a2a4a7bd301d27a301c5f8faf9bbfefcaf33a4b25be7508f243f8_s390x", "8Base-GitOps-1.9:openshift-gitops-1/gitops-rhel8@sha256:fcd40768542ab495c16147d412a36759ee55a9bec58a90224f27e89ca3772178_arm64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:0b24e4ddc8a54dcfcf72312cc63b372307eece7bf06031f2d03b5dcbe208f16b_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:3bf8384e62a5540ea4bcd8d86170647ea6c5a84f090d56ca38037a41d5494c6c_amd64", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:7fcc5fb4733d4d733b47fc24dd92f902ce9f54ee5bbc42ce6e2376b9a8eb7e81_s390x", "8Base-GitOps-1.9:openshift-gitops-1/kam-delivery-rhel8@sha256:86877c978adc1f22d87199fd23ea6f5fa05412badad3b3d3cbc74ba63a9a8721_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:67b6c9b9ae88c126653b774276ae66ced91ff84cb7809c3b2af57b00f5ae32e4_s390x", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:7c63f56044f12403ac6aab8e7813409415e62858258bd2164982a391afd45deb_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:e6375ddb6b79f665f7c76a785d1e66dbc77d6cf72799d8f64cc71a1881c699b2_arm64", "8Base-GitOps-1.9:openshift-gitops-1/must-gather-rhel8@sha256:f55e668c4fd9beb02af82d79e107aa39d4e849a3ecdf20eedaa8bb81bea8062b_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40584" }, { "category": "external", "summary": "RHBZ#2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40584" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:00:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5029" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:03d223c3928b2284d2ab6870652a8a34bb56e05f52388f0f90174da05f670535_arm64", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:2730303d0766822aebbec417ffbfb71abf072026a42a2c358c28227c7c7fa3ba_ppc64le", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:29921e02d3d3620ac789825260158e85b501faebfec67276308e4440f2c40ccc_s390x", "8Base-GitOps-1.9:openshift-gitops-1/argocd-rhel8@sha256:f0054516df984bda47e005a2aaa5e7256c3039429aa5aa37c1a4b0f6f7942519_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ArgoCD: Denial of Service to Argo CD repo-server" } ] }
rhsa-2023_5030
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* ArgoCD: Secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration (CVE-2023-40029)\n\n* ArgoCD: Denial of Service to Argo CD repo-server (CVE-2023-40584)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5030", "url": "https://access.redhat.com/errata/RHSA-2023:5030" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5030.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-11-06T03:38:43+00:00", "generator": { "date": "2024-11-06T03:38:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:5030", "initial_release_date": "2023-09-08T13:09:59+00:00", "revision_history": [ { "date": "2023-09-08T13:09:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-09-08T13:09:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:38:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.8", "product": { "name": "Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.5-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.5-1" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64 as a component of Red Hat OpenShift GitOps 1.8", "product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64", "relates_to_product_reference": "8Base-GitOps-1.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40029", "discovery_date": "2023-08-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233203" } ], "notes": [ { "category": "description", "text": "A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via its API, an attacker can retrieve sensitive authentication information by leveraging this capability, imposing a high impact on data confidentiality and integrity for the targeted ArgoCD cluster. To perform a successful attack, the malicious actor should have `clusters, get` RBAC access granted to its user.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "known_not_affected": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40029" }, { "category": "external", "summary": "RHBZ#2233203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233203" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40029", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40029" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5030" }, { "category": "workaround", "details": "Update/deploy the cluster secret with the`server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` \u003chttp://kubectl.kubernetes.io/last-applied-configuration\u003e annotation.\n\nNote: Annotation for existing secrets will require manual removal.", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration" }, { "cve": "CVE-2023-40584", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-08-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236530" } ], "notes": [ { "category": "description", "text": "A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server. Additionally, the lack of permissions checking for the inner files in the tar.gz file may lead to an attacker creating files that cannot be further deleted from the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: Denial of Service to Argo CD repo-server", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "known_not_affected": [ "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:67c40e4fe95e2a1329b075102ef5b9a28b1f6c99d68e31f63d8bacd90e0b6224_s390x", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:b1a750ea8c58f936297900f9d21645bb4ce955cce669ec7eccfe0bac1a473aee_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:c99e14d74329e326a4c078fac6a0299e0eb873c55da156f87c8f038975882392_arm64", "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:ea3b7681c3c48e27c0339c415847d40ddee15e52377a67d95d43accc3ae163e0_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:30dbb6630719c9afe0662335cc94e9d7efaf25c055b63b803146c55904fd047b_amd64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:9f1a8964b0e48346118b7bf82b79bd9d1202d416076eb447b365cc68959ed0bb_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:eaa02afd0eba3fce426b5f8a20ae660a38b091e5df1c17f09a23513a923a3734_arm64", "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:f992523610a69e94b1db531dc10bcc003aa8e4b84913a0e8d7a520eada0de07c_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:70db58fd5b998a759f31a92fc84caf71f4a59e70563b1539970feabd23f65d5d_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:67ea71348244066577717989936a6ac90af99b3d1b9bebf1c51630fe6dfe59c5_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:c6ecd15ad1e8a8bc99e484c3be6d0a91951b42180c83d0f447428795234f35a4_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:d6bc56e3bbc646fc90953e9ce85f4465fc6df0ed97da244d0e2913bc0e4517e1_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:e1adc977c267cdeb7f68cab8c21d5b119e6ac031157b52c873f65c4a70e9e01e_amd64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:08e888b49efe41284285d7824a3115ef9f1b3ebe540b956ede7b5b0df438e369_arm64", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:17f0f5d82384c88ed4650b6713a72d7c048effa48e01baf85d7d9e20695fa02c_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:5380b02cad0c40565dcbd90688b07b20c2e13304922d478e15ae359da1ded46d_s390x", "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:907b7fd50d0c09bb3ca154a3ea9f5af42c3726716d151a88b6f641895f07ffd3_amd64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:320fce29ab84b25b4cedbb10ccd481dcfdec9d182d0dd44096f3cbdda3ee5f6a_s390x", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:333457e34ea2a27a9eaa56477f7b775ec1e1cdbc89d2fe8f2d0d74a690ee3ef8_arm64", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5fe68cd77f99e7a40773177ec2b2482d0fbc3b58e126327fe65f8fcc37f5c3b4_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:f14fcdaea3727a86b7c3ee91acab72d0fd4540482b2bc42f4c350f544ee9d871_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40584" }, { "category": "external", "summary": "RHBZ#2236530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40584" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40584" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" } ], "release_date": "2023-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-08T13:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5030" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:49f4c4c33b27dd44cb380b61ba269d21e93aa306e7a4dd3174f8e7028ae8fb16_arm64", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:605466994766917f7f57f6e3b493d5506067214687852dd115ef29252eb82ed8_ppc64le", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f53c95450e275391d992b092748441e99f2162a48861e03d11fcc5b31f21a08b_s390x", "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:ff138ee0ffbb68106573f14aadba1a55051653fc90a212145138e1d20ae7b475_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ArgoCD: Denial of Service to Argo CD repo-server" } ] }
gsd-2023-40584
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-40584", "id": "GSD-2023-40584" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-40584" ], "details": "Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system\u0027s functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.", "id": "GSD-2023-40584", "modified": "2023-12-13T01:20:43.958236Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-40584", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "argo-cd", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 2.4.0, \u003c 2.6.15" }, { "version_affected": "=", "version_value": "\u003e= 2.7.0, \u003c 2.7.14" }, { "version_affected": "=", "version_value": "\u003e= 2.8.0, \u003c 2.8.3" } ] } } ] }, "vendor_name": "argoproj" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system\u0027s functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-400", "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" }, { "name": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674" } ] }, "source": { "advisory": "GHSA-g687-f2gx-6wm8", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2.8.3", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2.7.14", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2.6.15", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-40584" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system\u0027s functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674", "refsource": "MISC", "tags": [ "Patch" ], "url": "https://github.com/argoproj/argo-cd/commit/b8f92c4ff226346624f43de3f25d81dac6386674" }, { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g687-f2gx-6wm8" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2023-09-13T14:47Z", "publishedDate": "2023-09-07T23:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.