Action not permitted
Modal body text goes here.
cve-2023-50726
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-50726", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-14T15:56:02.495015Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:18:02.620Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" }, { "name": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "name": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "argo-cd", "vendor": "argoproj", "versions": [ { "status": "affected", "version": "\u003e= 1.2.0-rc1, \u003c 2.8.12" }, { "status": "affected", "version": "\u003e= 2.9.0, \u003c 2.9.8" }, { "status": "affected", "version": "\u003e= 2.10.0, \u003c 2.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. \"Local sync\" is an Argo CD feature that allows developers to temporarily override an Application\u0027s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T20:50:52.245Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" }, { "name": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "name": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac", "tags": [ "x_refsource_MISC" ], "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" } ], "source": { "advisory": "GHSA-g623-jcgg-mhmm", "discovery": "UNKNOWN" }, "title": "Users with `create` but not `override` privileges can perform local sync in argo-cd" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50726", "datePublished": "2024-03-13T20:50:52.245Z", "dateReserved": "2023-12-11T17:53:36.031Z", "dateUpdated": "2024-08-02T22:16:47.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-50726\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-13T21:15:54.797\",\"lastModified\":\"2024-03-14T12:52:21.763\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. \\\"Local sync\\\" is an Argo CD feature that allows developers to temporarily override an Application\u0027s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version.\"},{\"lang\":\"es\",\"value\":\"Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. La \\\"sincronizaci\u00f3n local\\\" es una caracter\u00edstica de Argo CD que permite a los desarrolladores anular temporalmente los manifiestos de una aplicaci\u00f3n con manifiestos definidos localmente. El uso de la funci\u00f3n generalmente debe limitarse a usuarios de alta confianza, ya que permite al usuario evitar cualquier protecci\u00f3n de combinaci\u00f3n en git. Un error de validaci\u00f3n inadecuado permite a los usuarios que tienen privilegios de \\\"crear\\\" pero no privilegios de \\\"anular\\\" sincronizar manifiestos locales al crear la aplicaci\u00f3n. Todas las dem\u00e1s restricciones, incluidas las de AppProject, a\u00fan se aplican. La \u00fanica restricci\u00f3n que no se aplica es que los manifiestos provengan de alguna fuente aprobada de git/Helm/OCI. El error se introdujo en 1.2.0-rc1 cuando se agreg\u00f3 la funci\u00f3n de sincronizaci\u00f3n del manifiesto local. El error se ha solucionado en las versiones 2.10.3, 2.9.8 y 2.8.12 de Argo CD. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden mitigar el riesgo de eludir la protecci\u00f3n de sucursal eliminando el acceso RBAC \\\"aplicaciones, creaci\u00f3n\\\". La \u00fanica forma de eliminar el problema sin eliminar el acceso a RBAC es actualizar a una versi\u00f3n parcheada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm\",\"source\":\"security-advisories@github.com\"}]}}" } }
rhsa-2024_1752
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Errata Advisory for Red Hat OpenShift GitOps v1.12.1- Argo CD CLI and MicroShift GitOps.\n\nSecurity Fix(es):\n\n* argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment (CVE-2024-21661)\n\n* argo-cd: Users with `create` but not `override` privileges can perform local\nsync (CVE-2023-50726)\n\n* argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss (CVE-2024-21652)\n\n* argo-cd: uncontrolled resource consumption vulnerability (CVE-2024-29893)\n\n* argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow (CVE-2024-21662)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1752", "url": "https://access.redhat.com/errata/RHSA-2024:1752" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html", "url": "https://docs.openshift.com/gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html" }, { "category": "external", "summary": "2269479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269479" }, { "category": "external", "summary": "2270170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270170" }, { "category": "external", "summary": "2270173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270173" }, { "category": "external", "summary": "2270182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270182" }, { "category": "external", "summary": "2272211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272211" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1752.json" } ], "title": "Red Hat Security Advisory: GitOps 1.12.1- Argo CD CLI and MicroShift GitOps security update", "tracking": { "current_release_date": "2024-11-24T15:00:25+00:00", "generator": { "date": "2024-11-24T15:00:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:1752", "initial_release_date": "2024-04-10T12:21:14+00:00", "revision_history": [ { "date": "2024-04-10T12:21:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-10T12:21:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T15:00:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.12", "product": { "name": "Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.12", "product": { "name": "Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-5.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-4.el9?arch=src" } } }, { "category": "product_version", "name": "microshift-gitops-0:1.12.1-4.el9.src", "product": { "name": "microshift-gitops-0:1.12.1-4.el9.src", "product_id": "microshift-gitops-0:1.12.1-4.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/microshift-gitops@1.12.1-4.el9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-5.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "product": { "name": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "product_id": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli-redistributable@1.12.1-5.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-4.el9?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64", "product": { "name": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64", "product_id": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli-redistributable@1.12.1-4.el9?arch=x86_64" } } }, { "category": "product_version", "name": "microshift-gitops-0:1.12.1-4.el9.x86_64", "product": { "name": "microshift-gitops-0:1.12.1-4.el9.x86_64", "product_id": "microshift-gitops-0:1.12.1-4.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/microshift-gitops@1.12.1-4.el9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-5.el8?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-4.el9?arch=aarch64" } } }, { "category": "product_version", "name": "microshift-gitops-0:1.12.1-4.el9.aarch64", "product": { "name": "microshift-gitops-0:1.12.1-4.el9.aarch64", "product_id": "microshift-gitops-0:1.12.1-4.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/microshift-gitops@1.12.1-4.el9?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-5.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "product": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "product_id": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.12.1-5.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "product": { "name": "microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "product_id": "microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/microshift-gitops-release-info@1.12.1-4.el9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "relates_to_product_reference": "8Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le as a component of Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "relates_to_product_reference": "8Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x as a component of Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "relates_to_product_reference": "8Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.src as a component of Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "relates_to_product_reference": "8Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "relates_to_product_reference": "8Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64" }, "product_reference": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "relates_to_product_reference": "8Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "microshift-gitops-0:1.12.1-4.el9.aarch64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64" }, "product_reference": "microshift-gitops-0:1.12.1-4.el9.aarch64", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "microshift-gitops-0:1.12.1-4.el9.src as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src" }, "product_reference": "microshift-gitops-0:1.12.1-4.el9.src", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "microshift-gitops-0:1.12.1-4.el9.x86_64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64" }, "product_reference": "microshift-gitops-0:1.12.1-4.el9.x86_64", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "microshift-gitops-release-info-0:1.12.1-4.el9.noarch as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch" }, "product_reference": "microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.src as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64" }, "product_reference": "openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "relates_to_product_reference": "9Base-GitOps-1.12" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64 as a component of Red Hat OpenShift GitOps 1.12", "product_id": "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" }, "product_reference": "openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64", "relates_to_product_reference": "9Base-GitOps-1.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-50726", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Argo CD package. An improper validation bug allows users to sync local manifests on app creation, who have create privileges but not override privileges. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforced is that the manifests come from some approved git/Helm/OCI source.", "title": "Vulnerability description" }, { "category": "summary", "text": "CD: Users with `create` but not `override` privileges can perform local sync", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-50726" }, { "category": "external", "summary": "RHBZ#2269479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-50726", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726" }, { "category": "external", "summary": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac", "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978", "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" } ], "release_date": "2024-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-10T12:21:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1752" }, { "category": "workaround", "details": "To mitigate the risk of branch protection bypass, remove applications and create RBAC access.", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CD: Users with `create` but not `override` privileges can perform local sync" }, { "cve": "CVE-2024-21652", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270170" } ], "notes": [ { "category": "description", "text": "A bypass of brute force protection flaw was found in Argo CD. Since login attempts are stored only in memory, every time the server restarts, that number is lost and unlimited login attempts can be made. It is possible to bypass brute force protections by chaining this issue with a denial of service issue, such as CVE-2024-21661.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21652" }, { "category": "external", "summary": "RHBZ#2270170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270170" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21652", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21652" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21652", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21652" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-10T12:21:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1752" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss" }, { "cve": "CVE-2024-21661", "cwe": { "id": "CWE-567", "name": "Unsynchronized Access to Shared Data in a Multithreaded Context" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270173" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array simultaneously.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21661" }, { "category": "external", "summary": "RHBZ#2270173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270173" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21661", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21661" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21661", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21661" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-10T12:21:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1752" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment" }, { "cve": "CVE-2024-21662", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270182" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD, where the rate limit for login attempts may be bypassed due to an incomplete fix for CVE-2020-8827. The cache-based mechanism is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by sending excessive login attempts for different users, thereby pushing out the admin account\u0027s failed attempts and effectively resetting the rate limit for that account. This enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21662" }, { "category": "external", "summary": "RHBZ#2270182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21662", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21662" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21662", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21662" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d", "url": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b", "url": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456", "url": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-10T12:21:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1752" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow" }, { "cve": "CVE-2024-29893", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2272211" } ], "notes": [ { "category": "description", "text": "The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD\u0027s helm package does not limit the size or time while fetching the data. It fetches and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: uncontrolled memory allocation vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29893" }, { "category": "external", "summary": "RHBZ#2272211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29893" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29893", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29893" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d", "url": "https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59", "url": "https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd", "url": "https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3" } ], "release_date": "2024-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-10T12:21:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1752" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.aarch64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.ppc64le", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.s390x", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.src", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-5.el8.x86_64", "8Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-5.el8.x86_64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:microshift-gitops-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:microshift-gitops-release-info-0:1.12.1-4.el9.noarch", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.aarch64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.src", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-0:1.12.1-4.el9.x86_64", "9Base-GitOps-1.12:openshift-gitops-argocd-cli-redistributable-0:1.12.1-4.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: uncontrolled memory allocation vulnerability" } ] }
rhsa-2024_1700
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps v1.10.4. Red Hat\nProduct Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Errata Advisory for Red Hat OpenShift GitOps v1.10.4.\n\nSecurity Fix(es):\n\n* argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment (CVE-2024-21661)\n\n* argo-cd: Users with `create` but not `override` privileges can perform local sync (CVE-2023-50726)\n\n* argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss (CVE-2024-21652)\n\n* argo-cd: uncontrolled resource consumption vulnerability (CVE-2024-29893)\n\n* argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow(CVE-2024-21662)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1700", "url": "https://access.redhat.com/errata/RHSA-2024:1700" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/1.10/release_notes/gitops-release-notes.html", "url": "https://docs.openshift.com/gitops/1.10/release_notes/gitops-release-notes.html" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html", "url": "https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html" }, { "category": "external", "summary": "2269479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269479" }, { "category": "external", "summary": "2270170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270170" }, { "category": "external", "summary": "2270173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270173" }, { "category": "external", "summary": "2270182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270182" }, { "category": "external", "summary": "2272211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272211" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1700.json" } ], "title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.4 security update", "tracking": { "current_release_date": "2024-11-24T15:00:03+00:00", "generator": { "date": "2024-11-24T15:00:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:1700", "initial_release_date": "2024-04-08T16:37:03+00:00", "revision_history": [ { "date": "2024-04-08T16:37:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-08T16:37:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T15:00:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.10", "product": { "name": "Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.4-1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.4-1" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.4-1" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.4-1" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.4-1" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-50726", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Argo CD package. An improper validation bug allows users to sync local manifests on app creation, who have create privileges but not override privileges. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforced is that the manifests come from some approved git/Helm/OCI source.", "title": "Vulnerability description" }, { "category": "summary", "text": "CD: Users with `create` but not `override` privileges can perform local sync", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-50726" }, { "category": "external", "summary": "RHBZ#2269479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-50726", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726" }, { "category": "external", "summary": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac", "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978", "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" } ], "release_date": "2024-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T16:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1700" }, { "category": "workaround", "details": "To mitigate the risk of branch protection bypass, remove applications and create RBAC access.", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CD: Users with `create` but not `override` privileges can perform local sync" }, { "cve": "CVE-2024-21652", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270170" } ], "notes": [ { "category": "description", "text": "A bypass of brute force protection flaw was found in Argo CD. Since login attempts are stored only in memory, every time the server restarts, that number is lost and unlimited login attempts can be made. It is possible to bypass brute force protections by chaining this issue with a denial of service issue, such as CVE-2024-21661.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21652" }, { "category": "external", "summary": "RHBZ#2270170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270170" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21652", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21652" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21652", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21652" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T16:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1700" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss" }, { "cve": "CVE-2024-21661", "cwe": { "id": "CWE-567", "name": "Unsynchronized Access to Shared Data in a Multithreaded Context" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270173" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array simultaneously.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21661" }, { "category": "external", "summary": "RHBZ#2270173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270173" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21661", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21661" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21661", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21661" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T16:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1700" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment" }, { "cve": "CVE-2024-21662", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270182" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD, where the rate limit for login attempts may be bypassed due to an incomplete fix for CVE-2020-8827. The cache-based mechanism is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by sending excessive login attempts for different users, thereby pushing out the admin account\u0027s failed attempts and effectively resetting the rate limit for that account. This enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21662" }, { "category": "external", "summary": "RHBZ#2270182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21662", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21662" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21662", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21662" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d", "url": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b", "url": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456", "url": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T16:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1700" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow" }, { "cve": "CVE-2024-29893", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2272211" } ], "notes": [ { "category": "description", "text": "The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD\u0027s helm package does not limit the size or time while fetching the data. It fetches and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: uncontrolled memory allocation vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29893" }, { "category": "external", "summary": "RHBZ#2272211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29893" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29893", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29893" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d", "url": "https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59", "url": "https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd", "url": "https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3" } ], "release_date": "2024-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T16:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1700" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:46cc90ff5d8e3be71bca64d8e9828eed5192a1f5977e56cd30532525f3b6a7e3_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:54d08845092953eb90563447db6061d0db9b414ae20b2fe88d725d9d0bf9e3e8_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:6a57219d4878ddb4678b2fc2312e728e6656ab11f976798de055855a280c3f32_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:8fb5db95ab144d9615f54de90784eddff20866f0737a0c8e518c9a0cd0d563c4_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:065bf5f9e34cc22a1fbb6414c595910528bfc1742128a71880fd26118cab9c65_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5699abd15b15bab2581fb5068a4492d24ecf6e82825b9538f63145f2c8f6356a_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:d1fd491fde2306ac80e048721fdf71cf6f3c07cb622f8c2baf89361490cb48eb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:e8a2bd1bc3c635e274263a2c2dfbec269ad3457ff724acf4d3955795c03fd342_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:11ba1b269f55ffe9fde39d911f6ac8d2efc58523b02642178cc4dc05b0530775_arm64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:18bbb5cd8c229f1d42ef2226d3cb790e1174929bdd6c00be150345872873e881_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:527f500b8a50923d4ffc1b3b41718f1fec79b72896f3988fbf7fdc2b2fe9396b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:d3ac1434e9ed67672412e8bc34c86d6cdd923df03cd53fd7db276f4a217e977e_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:15170b76ccc5bc579cd83b42203c06c8acc9c21650354b3f2242bb9dfe0991a1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:229bcd4a16087125c39dafe272a6f11de4a10992a5e40f86dd70e9e0c559454d_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:5fa29842159465bffc0318152991562659b9925d904219d341fa1a7ae499b4c4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:d692fbb1df809ecf83ed074c9b29cd3882590f88dcf8a4baa94553dd48749468_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:caae910cb099a74d24e3eab649231240bbb2064c8dcb059efeec5cd25b78602e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:08b0db82840cec96793eae5997fa38798cfedd5f97ae98087b48c67c48f8a10b_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:809dfe55f788fed0e4359416b0342d079030235a30148c6c1a5b301e1eae236c_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:cd2c0d4339fc02879008d31cffeb4af8f5153af59f075416b1dad7cf341d0444_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:d71e522331b9f623f2f3d7d7d44203d757494e71fa7a7de714651345638e3ad5_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:2e9b3f4392115dde520fcd4850cbc5ec144b3eff1d979cb0a6b246a601621e33_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:301fdc294a4d8fd99b76554117d063a3533007649c3883838fbebe84bcd80df8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:3a023dd599791a30efb76f1877ec37302fc00f07370c1dfd0b44c7024deb0af8_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:b2bab868a601143131434349afbe77f3d31023c1f8d48419c8846e2013c44b26_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:2a8b7da525a1095cc82e8be9cae1799694227c05c98f86ef5795d5e140556603_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:3fab5ec91594d33ef9f06c310dc374b5c36a5e976a28f6c99e4c0e6418d9e499_arm64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:5842940f4651c37f2914d606272598b42f9668b189d8dfd69607a8c9ce69ed59_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:edf33e8a2678cfe91b942c0e8e096a0cc1ce2d0e329540c30a45f84a33c8f318_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:5d394094da851d055c2c44788cc5114e456e1d6f4be01170b20d8f30b5e781e1_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:76d564acd106a6a1a7bd7522a7e63d9f77e5e4d9b4a823744328a6e19e9cc06a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:94db2da6653de641ec792944bd27e7e8bc0faa6a1621a9d3f3c2fdbf1e42478c_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:f023473103d2a54daad783d4f479f79f8a2d7db78a5bab1781c19b9e250cf4db_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: uncontrolled memory allocation vulnerability" } ] }
rhsa-2024_1697
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps v1.11.3. Red Hat\nProduct Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Errata Advisory for Red Hat OpenShift GitOps v1.11.3.\n\nSecurity Fix(es):\n\n* argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded\nEnvironment (CVE-2024-21661)\n\n* argo-cd: Users with `create` but not `override` privileges can perform local\nsync (CVE-2023-50726)\n\n* argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory\nData Loss (CVE-2024-21652)\n\n* argo-cd: uncontrolled resource consumption vulnerability (CVE-2024-29893)\n\n* argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow\n(CVE-2024-21662)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1697", "url": "https://access.redhat.com/errata/RHSA-2024:1697" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/1.11/release_notes/gitops-release-notes.html", "url": "https://docs.openshift.com/gitops/1.11/release_notes/gitops-release-notes.html" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/1.11/understanding_openshift_gitops/about-redhat-openshift-gitops.html", "url": "https://docs.openshift.com/gitops/1.11/understanding_openshift_gitops/about-redhat-openshift-gitops.html" }, { "category": "external", "summary": "2269479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269479" }, { "category": "external", "summary": "2270170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270170" }, { "category": "external", "summary": "2270173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270173" }, { "category": "external", "summary": "2270182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270182" }, { "category": "external", "summary": "2272211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272211" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1697.json" } ], "title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.3 security update", "tracking": { "current_release_date": "2024-11-24T15:00:14+00:00", "generator": { "date": "2024-11-24T15:00:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:1697", "initial_release_date": "2024-04-08T13:36:17+00:00", "revision_history": [ { "date": "2024-04-08T13:36:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-08T13:36:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T15:00:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.11", "product": { "name": "Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.11::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.3-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.3-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.3-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.3-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-50726", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Argo CD package. An improper validation bug allows users to sync local manifests on app creation, who have create privileges but not override privileges. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforced is that the manifests come from some approved git/Helm/OCI source.", "title": "Vulnerability description" }, { "category": "summary", "text": "CD: Users with `create` but not `override` privileges can perform local sync", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-50726" }, { "category": "external", "summary": "RHBZ#2269479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-50726", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726" }, { "category": "external", "summary": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac", "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978", "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" } ], "release_date": "2024-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T13:36:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1697" }, { "category": "workaround", "details": "To mitigate the risk of branch protection bypass, remove applications and create RBAC access.", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CD: Users with `create` but not `override` privileges can perform local sync" }, { "cve": "CVE-2024-21652", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270170" } ], "notes": [ { "category": "description", "text": "A bypass of brute force protection flaw was found in Argo CD. Since login attempts are stored only in memory, every time the server restarts, that number is lost and unlimited login attempts can be made. It is possible to bypass brute force protections by chaining this issue with a denial of service issue, such as CVE-2024-21661.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21652" }, { "category": "external", "summary": "RHBZ#2270170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270170" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21652", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21652" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21652", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21652" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T13:36:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1697" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss" }, { "cve": "CVE-2024-21661", "cwe": { "id": "CWE-567", "name": "Unsynchronized Access to Shared Data in a Multithreaded Context" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270173" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array simultaneously.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21661" }, { "category": "external", "summary": "RHBZ#2270173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270173" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21661", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21661" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21661", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21661" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T13:36:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1697" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment" }, { "cve": "CVE-2024-21662", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2024-03-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270182" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD, where the rate limit for login attempts may be bypassed due to an incomplete fix for CVE-2020-8827. The cache-based mechanism is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by sending excessive login attempts for different users, thereby pushing out the admin account\u0027s failed attempts and effectively resetting the rate limit for that account. This enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21662" }, { "category": "external", "summary": "RHBZ#2270182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21662", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21662" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21662", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21662" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d", "url": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b", "url": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456", "url": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454" } ], "release_date": "2024-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T13:36:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1697" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow" }, { "cve": "CVE-2024-29893", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2272211" } ], "notes": [ { "category": "description", "text": "The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD\u0027s helm package does not limit the size or time while fetching the data. It fetches and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: uncontrolled memory allocation vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29893" }, { "category": "external", "summary": "RHBZ#2272211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29893" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29893", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29893" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d", "url": "https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59", "url": "https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd", "url": "https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3" } ], "release_date": "2024-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T13:36:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1697" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:6127403dba805efc36d574037cd42a28d6b9890ee90695f8bf55d9050a2cf484_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b9b41d7e3bf03fd203164e1ec9bc894e824decee530a73a3ac64ebd023f0df70_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:dfb51f001b4ff4b926e5651e66c71fdc3fd5ffa56744b401c648ba1e6a04b461_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:f90e8392c932d527fd720a016341484be74a8934cea153322ad76e192b995d9e_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:6a130b07e68b8e30d78d8d6db6f85b718583fc3ceb35827834a46bd07cee1727_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:c8bc4553ee07fe306549c3a915bc7822ac2fccc1895be00d91a2d5113a0f9231_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb2afdfdfe8744e2840695b6f4f77f257d7c6f554cb02c9ca6c277bc2d2772be_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fbd1daea3cfa54e43089f97b6ce1887e5f4df027bde9d20ab7e32d1e221b757d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:339617f04389e835b127ed280aeda5f43f6817988c9ebe0ecd0f609b149c3b82_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:9f9b1dc112f45ec605b817450388b116e523733cd5ad66ba09e91a47b624eed9_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:acd4ec75a69fbf1f04c1f825df2bf3f6fcfdad2f594f441dc01985a3bca9ae75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:c9947f0f6981e1b7e7a8919e59cb36e981eab217d710101947a50f029f9d5864_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:2e20b3f1b6178faab7e1363efe0629998a18d93e134703312b729efdceac9069_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:37aa863fe717c6587e0d3079f1613e36d95d45c8958d6e63940419b801f6cc75_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:567428139e895d1a8eea9baaea570ed24dc64dd7d36e65167d029579fbf0cfd4_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:ffefdc53c0d0b1c6ca36c83d4d0b3a48a5ccafa02aa3c865450d0bc01cfc6983_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:648d9e94bd34d93d425132a80b445cc2113f8068c803deb1c241fe73e1b21b56_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:97cd97e2c99c69b94ab9a18d2515114c32b39ea39f25aa5d560e107190e34fbb_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:98c86ba6b3ba5ae4b5c21f1913693174166a1e60a1c6da399e500ed6974ce72e_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:b263b478702fb4de022d5f9906273842ce0613eaefdf6f4ee8f07fc5384f9857_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:c5b00eadf15a9d84727630246efa051e8eb8c73106ada11acf1bc11bcd85f19d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b655a97c3aeab2feca73b054e03e832172c6886dbb29334f511d868be31de009_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:c947179654ddbef9a0268831920e19fd301187701e5022863736b43d883bf027_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f1b5e410215abb50f6fa0b7575a75fd5d2f4a6ad901566fca037c96a31455f07_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f848e0bedee28d10351781cc25fb7662bfbf692d1ed2f5972032d7ed5d50ede6_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:243757043ae12bb32ada35638b39f0ad8621dbb2a4f0b0ea2cc00ef22398e3c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:341056443b4b4b73d399906ab4c6752557b170a894f2791c8e96ac448dfd1094_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:3f57e8c1c090bf3e276966e15903c372551b9360f4558589a66b5f5b112ba735_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:fdaa10d7f6696f36f51aed47f96575a2ef4bca1a4912af0c75ac4a2f4a0eb7cc_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:38a621bda3e0b14787f3fe412ecf7016d090f71d4645cfb1a196ac7c7bbf96f1_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:8ae7446f334fafdcdd23886096566ee9a9af6b1c74f825cc7d5ca2797cdc1dbf_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:dec2b37341e2ecdfd29288f623dbbfda388d24794d8e101adb18bd4e6ff6d2d1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:e4cf9b2d875fbedb7e317aa2038865e82ef965e72f4d1ab3983adfaff11b791f_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: uncontrolled memory allocation vulnerability" } ] }
ghsa-g623-jcgg-mhmm
Vulnerability from github
Impact
"Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git.
An improper validation bug allows users who have create
privileges but not override
privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source.
The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added.
Patches
The bug has been patched in the following versions:
- 2.10.3
- 2.9.8
- 2.8.12
Workarounds
To immediately mitigate the risk of branch protection bypass, remove applications, create
RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version.
Branch protection rules and review requirements are a great way to enforce security constraints in a GitOps environment, but they should be just one layer in a multi-layered approach. Make sure your AppProject and RBAC restrictions are as thorough as possible to prevent a review bypass vulnerability from permitting excessive damage.
References
For more information
- Open an issue in the Argo CD issue tracker or discussions
- Join us on Slack in channel #argo-cd
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd" }, "ranges": [ { "events": [ { "introduced": "1.2.0-rc1" }, { "last_affected": "1.8.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.0.0-rc3" }, { "fixed": "2.8.12" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-50726" ], "database_specific": { "cwe_ids": [ "CWE-269" ], "github_reviewed": true, "github_reviewed_at": "2024-03-15T16:33:19Z", "nvd_published_at": "2024-03-13T21:15:54Z", "severity": "MODERATE" }, "details": "### Impact\n\n\"Local sync\" is an Argo CD feature that allows developers to temporarily override an Application\u0027s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git.\n\nAn improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is _not_ enforced is that the manifests come from some approved git/Helm/OCI source.\n\nThe bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added.\n\n### Patches\n\nThe bug has been patched in the following versions:\n\n* 2.10.3\n* 2.9.8\n* 2.8.12\n\n### Workarounds\n\nTo immediately mitigate the risk of branch protection bypass, remove `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version.\n\nBranch protection rules and review requirements are a great way to enforce security constraints in a GitOps environment, but they should be just one layer in a multi-layered approach. Make sure your AppProject and RBAC restrictions are as thorough as possible to prevent a review bypass vulnerability from permitting excessive damage.\n\n### References\n\n* [Argo CD RBAC documentation](https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/)\n\n### For more information\n\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd", "id": "GHSA-g623-jcgg-mhmm", "modified": "2024-03-22T20:03:29Z", "published": "2024-03-15T16:33:19Z", "references": [ { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50726" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "type": "WEB", "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" }, { "type": "PACKAGE", "url": "https://github.com/argoproj/argo-cd" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "type": "CVSS_V3" } ], "summary": "Users with `create` but not `override` privileges can perform local sync" }
gsd-2023-50726
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-50726", "id": "GSD-2023-50726" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-50726" ], "details": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. \"Local sync\" is an Argo CD feature that allows developers to temporarily override an Application\u0027s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version.", "id": "GSD-2023-50726", "modified": "2023-12-13T01:20:31.276869Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-50726", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "argo-cd", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 1.2.0-rc1, \u003c 2.8.12" }, { "version_affected": "=", "version_value": "\u003e= 2.9.0, \u003c 2.9.8" }, { "version_affected": "=", "version_value": "\u003e= 2.10.0, \u003c 2.10.3" } ] } } ] }, "vendor_name": "argoproj" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. \"Local sync\" is an Argo CD feature that allows developers to temporarily override an Application\u0027s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-269", "lang": "eng", "value": "CWE-269: Improper Privilege Management" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" }, { "name": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "name": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac", "refsource": "MISC", "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" } ] }, "source": { "advisory": "GHSA-g623-jcgg-mhmm", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. \"Local sync\" is an Argo CD feature that allows developers to temporarily override an Application\u0027s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version." }, { "lang": "es", "value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. La \"sincronizaci\u00f3n local\" es una caracter\u00edstica de Argo CD que permite a los desarrolladores anular temporalmente los manifiestos de una aplicaci\u00f3n con manifiestos definidos localmente. El uso de la funci\u00f3n generalmente debe limitarse a usuarios de alta confianza, ya que permite al usuario evitar cualquier protecci\u00f3n de combinaci\u00f3n en git. Un error de validaci\u00f3n inadecuado permite a los usuarios que tienen privilegios de \"crear\" pero no privilegios de \"anular\" sincronizar manifiestos locales al crear la aplicaci\u00f3n. Todas las dem\u00e1s restricciones, incluidas las de AppProject, a\u00fan se aplican. La \u00fanica restricci\u00f3n que no se aplica es que los manifiestos provengan de alguna fuente aprobada de git/Helm/OCI. El error se introdujo en 1.2.0-rc1 cuando se agreg\u00f3 la funci\u00f3n de sincronizaci\u00f3n del manifiesto local. El error se ha solucionado en las versiones 2.10.3, 2.9.8 y 2.8.12 de Argo CD. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden mitigar el riesgo de eludir la protecci\u00f3n de sucursal eliminando el acceso RBAC \"aplicaciones, creaci\u00f3n\". La \u00fanica forma de eliminar el problema sin eliminar el acceso a RBAC es actualizar a una versi\u00f3n parcheada." } ], "id": "CVE-2023-50726", "lastModified": "2024-03-14T12:52:21.763", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-03-13T21:15:54.797", "references": [ { "source": "security-advisories@github.com", "url": "https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac" }, { "source": "security-advisories@github.com", "url": "https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978" }, { "source": "security-advisories@github.com", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
wid-sec-w-2024-0812
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder um Sicherheitsma\u00dfnahmen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0812 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0812.json" }, { "category": "self", "summary": "WID-SEC-2024-0812 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0812" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-04-08", "url": "https://access.redhat.com/errata/RHSA-2024:1697" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-04-08", "url": "https://access.redhat.com/errata/RHSA-2024:1700" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1753 vom 2024-04-10", "url": "https://access.redhat.com/errata/RHSA-2024:1753" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1752 vom 2024-04-10", "url": "https://access.redhat.com/errata/RHSA-2024:1752" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-10T22:00:00.000+00:00", "generator": { "date": "2024-04-17T09:52:59.916+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0812", "initial_release_date": "2024-04-08T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-08T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-04-10T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003cv1.11.3", "product": { "name": "Red Hat OpenShift \u003cv1.11.3", "product_id": "T033955", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:v1.11.3" } } }, { "category": "product_version_range", "name": "\u003cv1.10.4", "product": { "name": "Red Hat OpenShift \u003cv1.10.4", "product_id": "T033956", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:v1.10.4" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21661", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in der Funktion \"expireOldFailedAttempts\" sowie einem out-of-Memory Error zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-04-08T22:00:00Z", "title": "CVE-2024-21661" }, { "cve": "CVE-2024-29893", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in der Funktion \"expireOldFailedAttempts\" sowie einem out-of-Memory Error zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-04-08T22:00:00Z", "title": "CVE-2024-29893" }, { "cve": "CVE-2023-50726", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in der Komponente ArgoCD und sind auf Fehler in der Eingabevalidierung sowie ein unzureichender Brute-Force-Schutz zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-04-08T22:00:00Z", "title": "CVE-2023-50726" }, { "cve": "CVE-2024-21652", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in der Komponente ArgoCD und sind auf Fehler in der Eingabevalidierung sowie ein unzureichender Brute-Force-Schutz zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-04-08T22:00:00Z", "title": "CVE-2024-21652" }, { "cve": "CVE-2024-21662", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in der Komponente ArgoCD und sind auf Fehler in der Eingabevalidierung sowie ein unzureichender Brute-Force-Schutz zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-04-08T22:00:00Z", "title": "CVE-2024-21662" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.