Action not permitted
Modal body text goes here.
cve-2024-31990
Vulnerability from cvelistv5
Published
2024-04-15 19:52
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
Argo CD' API server does not enforce project sourceNamespaces
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:argo-cd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "argo-cd",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:46:24.506220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:59.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "argo-cd",
"vendor": "argoproj",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.7"
},
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.12"
},
{
"status": "affected",
"version": "\u003e= 2.4.0, \u003c 2.8.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T19:52:55.718Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
}
],
"source": {
"advisory": "GHSA-2gvw-w6fj-7m3c",
"discovery": "UNKNOWN"
},
"title": "Argo CD\u0027 API server does not enforce project sourceNamespaces"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31990",
"datePublished": "2024-04-15T19:52:55.718Z",
"dateReserved": "2024-04-08T13:48:37.491Z",
"dateUpdated": "2024-08-02T01:59:50.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-31990\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-15T20:15:11.127\",\"lastModified\":\"2024-04-16T13:24:07.103\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\\n\"},{\"lang\":\"es\",\"value\":\"Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. El servidor API no aplica los espacios de nombres de origen del proyecto, lo que permite a los atacantes usar la interfaz de usuario para editar recursos que solo deber\u00edan poder modificarse a trav\u00e9s de gitops. Esta vulnerabilidad se corrigi\u00f3 en 2.10.7, 2.9.12 y 2.8.16.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
wid-sec-w-2024-1091
Vulnerability from csaf_certbund
Published
2024-05-12 22:00
Modified
2024-05-20 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und um die Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und um die Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1091 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1091.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1091 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1091"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-12",
"url": "https://access.redhat.com/errata/RHSA-2024:2815"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-12",
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-12",
"url": "https://access.redhat.com/errata/RHSA-2024:2817"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2941 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-20T22:00:00.000+00:00",
"generator": {
"date": "2024-05-21T12:06:05.923+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-1091",
"initial_release_date": "2024-05-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv1.10.5",
"product": {
"name": "Red Hat OpenShift \u003cv1.10.5",
"product_id": "T034697",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:v1.10.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv1.11.4",
"product": {
"name": "Red Hat OpenShift \u003cv1.11.4",
"product_id": "T034698",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:v1.11.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv1.12.2",
"product": {
"name": "Red Hat OpenShift \u003cv1.12.2",
"product_id": "T034699",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:v1.12.2"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29180",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler liegt im webpack-dev-middleware-Paket aufgrund einer inkorrekten \u00dcberpr\u00fcfung der URL-Adresse. Ein entfernter, anonymer Angreifer kann diesen Fehler ausnutzen, um einen PAth Traversal durchzuf\u00fchren und auf vertrauliche Informationen zuzugreifen, indem er speziell pr\u00e4parierte URLs verwendet, die beliebige lokale Dateien zur\u00fcckgeben. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T027916"
]
},
"release_date": "2024-05-12T22:00:00Z",
"title": "CVE-2024-29180"
},
{
"cve": "CVE-2024-31990",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler betrifft das Argo CD-Komponente aufgrund einer inkorrekten Behandlung von Projekt-Quellennamensr\u00e4umen. Ein entfernt authentifizierter Angreifer kann diese Sicherheitsl\u00fccke ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und Ressourcen zu bearbeiten, die nur \u00fcber GitOps-Prozesse ver\u00e4nderbar sein sollten. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T027916",
"T034698",
"T034697"
]
},
"release_date": "2024-05-12T22:00:00Z",
"title": "CVE-2024-31990"
}
]
}
rhsa-2024_2816
Vulnerability from csaf_redhat
Published
2024-05-10 19:16
Modified
2024-11-06 05:48
Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Errata Advisory for Red Hat OpenShift GitOps v1.12.2.
Security Fix(es):
* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).
* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.
2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.
3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.
4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.
5. Another fix to enable scheduling console-plugin workloads on Infra nodes.
6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.
7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.12.2.\n\nSecurity Fix(es):\n\n* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).\n\n* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.\n\n2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.\n\n3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.\n\n4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.\n\n5. Another fix to enable scheduling console-plugin workloads on Infra nodes.\n\n6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.\n\n7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2816",
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html",
"url": "https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html",
"url": "https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2275189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275189"
},
{
"category": "external",
"summary": "GITOPS-3736",
"url": "https://issues.redhat.com/browse/GITOPS-3736"
},
{
"category": "external",
"summary": "GITOPS-3947",
"url": "https://issues.redhat.com/browse/GITOPS-3947"
},
{
"category": "external",
"summary": "GITOPS-4226",
"url": "https://issues.redhat.com/browse/GITOPS-4226"
},
{
"category": "external",
"summary": "GITOPS-4303",
"url": "https://issues.redhat.com/browse/GITOPS-4303"
},
{
"category": "external",
"summary": "GITOPS-4358",
"url": "https://issues.redhat.com/browse/GITOPS-4358"
},
{
"category": "external",
"summary": "GITOPS-4496",
"url": "https://issues.redhat.com/browse/GITOPS-4496"
},
{
"category": "external",
"summary": "GITOPS-4513",
"url": "https://issues.redhat.com/browse/GITOPS-4513"
},
{
"category": "external",
"summary": "GITOPS-4543",
"url": "https://issues.redhat.com/browse/GITOPS-4543"
},
{
"category": "external",
"summary": "GITOPS-4645",
"url": "https://issues.redhat.com/browse/GITOPS-4645"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2816.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update",
"tracking": {
"current_release_date": "2024-11-06T05:48:25+00:00",
"generator": {
"date": "2024-11-06T05:48:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:2816",
"initial_release_date": "2024-05-10T19:16:32+00:00",
"revision_history": [
{
"date": "2024-05-10T19:16:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-10T19:16:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T05:48:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.12",
"product": {
"name": "Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-10T19:16:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
},
{
"acknowledgments": [
{
"names": [
"Michael Crenshaw"
]
}
],
"cve": "CVE-2024-31990",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2024-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275189"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD. The API server does not enforce project sourceNamespaces, which can allow an attacker to use the UI to edit resources which should only be mutable via gitops.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argo-cd: API server does not enforce project sourceNamespaces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31990"
},
{
"category": "external",
"summary": "RHBZ#2275189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275189"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990"
}
],
"release_date": "2024-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-10T19:16:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "argo-cd: API server does not enforce project sourceNamespaces"
}
]
}
ghsa-2gvw-w6fj-7m3c
Vulnerability from github
Published
2024-04-15 20:20
Modified
2024-04-15 21:37
Severity ?
Summary
Argo CD's API server does not enforce project sourceNamespaces
Details
Impact
I can convince the UI to let me do things with an invalid Application.
1. Admin gives me p, michael, applications, *, demo/*, allow, where demo can just deploy to the demo namespace
2. Admin gives me AppProject dev which reconciles from ns dev-apps
3. Admin gives me p, michael, applications, sync, dev/*, allow, i.e. no updating via the UI allowed, gitops-only
4. I create an Application called pwn in dev-apps with project dev and sync the app with sources from git
5. I change the Application’s project to demo via kubectl or gitops (whichever mechanism my admins have given me, because it should be safe)
6. I use the UI to edit the resource which should only be mutable via gitops
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
v2.10.7 v2.9.12 v2.8.16
For more information
If you have any questions or comments about this advisory:
Open an issue in the Argo CD issue tracker or discussions Join us on Slack in channel #argo-cd
Credits
This vulnerability was found & reported by @crenshaw-dev (Michael Crenshaw)
The Argo team would like to thank these contributors for their responsible disclosure and constructive communications during the resolve of this issue
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.8.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-31990"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-15T20:20:50Z",
"nvd_published_at": "2024-04-15T20:15:11Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nI can convince the UI to let me do things with an invalid Application.\n1. Admin gives me `p, michael, applications, *, demo/*, allow`, where `demo` can just deploy to the `demo` namespace\n2. Admin gives me AppProject `dev` which reconciles from ns `dev-apps`\n3. Admin gives me `p, michael, applications, sync, dev/*, allow`, i.e. no updating via the UI allowed, gitops-only\n4. I create an Application called `pwn` in `dev-apps` with project dev and sync the app with sources from git\n5. I change the Application\u2019s project to demo via kubectl or gitops (whichever mechanism my admins have given me, because it should be safe)\n6. I use the UI to edit the resource which should only be mutable via gitops\n\n### Patches\nA patch for this vulnerability has been released in the following Argo CD versions:\n\nv2.10.7 \nv2.9.12 \nv2.8.16\n\n### For more information\nIf you have any questions or comments about this advisory:\n\nOpen an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\nJoin us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd\n\n### Credits\nThis vulnerability was found \u0026 reported by @crenshaw-dev (Michael Crenshaw)\n\nThe Argo team would like to thank these contributors for their responsible disclosure and constructive communications during the resolve of this issue\n",
"id": "GHSA-2gvw-w6fj-7m3c",
"modified": "2024-04-15T21:37:22Z",
"published": "2024-04-15T20:20:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
},
{
"type": "PACKAGE",
"url": "https://github.com/argoproj/argo-cd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Argo CD\u0027s API server does not enforce project sourceNamespaces"
}
gsd-2024-31990
Vulnerability from gsd
Modified
2024-04-11 05:03
Details
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-31990"
],
"details": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n",
"id": "GSD-2024-31990",
"modified": "2024-04-11T05:03:20.633956Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-31990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "argo-cd",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 2.10.0, \u003c 2.10.7"
},
{
"version_affected": "=",
"version_value": "\u003e= 2.9.0, \u003c 2.9.12"
},
{
"version_affected": "=",
"version_value": "\u003e= 2.4.0, \u003c 2.8.16"
}
]
}
}
]
},
"vendor_name": "argoproj"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-863",
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"refsource": "MISC",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"refsource": "MISC",
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"refsource": "MISC",
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"refsource": "MISC",
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
}
]
},
"source": {
"advisory": "GHSA-2gvw-w6fj-7m3c",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n"
},
{
"lang": "es",
"value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. El servidor API no aplica los espacios de nombres de origen del proyecto, lo que permite a los atacantes usar la interfaz de usuario para editar recursos que solo deber\u00edan poder modificarse a trav\u00e9s de gitops. Esta vulnerabilidad se corrigi\u00f3 en 2.10.7, 2.9.12 y 2.8.16."
}
],
"id": "CVE-2024-31990",
"lastModified": "2024-04-16T13:24:07.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-04-15T20:15:11.127",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.