rhsa-2023_0466
Vulnerability from csaf_redhat
Published
2023-01-25 20:28
Modified
2024-09-16 10:08
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update

Notes

Topic
An update is now available for Red Hat OpenShift GitOps 1.6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482). Of the container images shipped in this release, only the argocd-rhel8 images carry the affected code; the dex, gitops, kam-delivery, operator and operator-bundle images are flagged in the product status below as not containing the vulnerable code. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift GitOps 1.6.4\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0466",
        "url": "https://access.redhat.com/errata/RHSA-2023:0466"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html",
        "url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2160492",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160492"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_0466.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
    "tracking": {
      "current_release_date": "2024-09-16T10:08:38+00:00",
      "generator": {
        "date": "2024-09-16T10:08:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:0466",
      "initial_release_date": "2023-01-25T20:28:24+00:00",
      "revision_history": [
        {
          "date": "2023-01-25T20:28:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-01-25T20:28:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T10:08:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift GitOps 1.6",
                "product": {
                  "name": "Red Hat OpenShift GitOps 1.6",
                  "product_id": "8Base-GitOps-1.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift GitOps"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.4-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.4-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64",
                  "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.6.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.4-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64 as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64 as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64 as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64 as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64 as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64 as a component of Red Hat OpenShift GitOps 1.6",
          "product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-22482",
      "discovery_date": "2023-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le",
            "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64",
            "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x",
            "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64",
            "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x",
            "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le",
            "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2160492"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ArgoCD. The ArgoCD API is vulnerable to an improper authorization bug and may accept tokens that are not valid for it. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn\u0027t properly validate the audience claim; if the ID provider used with ArgoCD is also used for other audiences, ArgoCD will accept tokens that may not be intended to access the ArgoCD cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ArgoCD: JWT audience claim is not verified",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
          "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
          "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:16ab1b532a1b16e3de8cb5d4951444b1ab4c02b357c3f1e29ee81ba283e5e929_ppc64le",
          "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:9cfd7fe91d7dcbd1665716b68f4aeb69a65c7010a25131a4dbc95638ed8d16d8_amd64",
          "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:b55d225acaa15e51df7b25453b4a28a6a38c3ab04226cbb848410c562133fb75_s390x",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:72d865d9e7e63f185cda94cb0287312688fc25d33fe9717021e864dd0c73532f_amd64",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:25f0f6d5a1d9f7ecc6cc0e15f4e5b8139ffd27e316e0d0c94e4ac106be12df24_amd64",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:2ff93a530f9d58f0eec72d5dc229f70f830a2b52ee6ec0df25169cd2f94a4ae3_ppc64le",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:6250feeab35e11cd0a2cc1446156d9c021d9dbd7f107212811e9648a84d97263_s390x",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:670fc4b628570d01de9c129d3ad8baa57f00501074b0c3ce6781a8665d2e8f97_ppc64le",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:7b7ddc4e33b4279dfbed5c7efd17f2c3381cdaaf3fe550fe39ec980dca21a7c9_s390x",
          "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:d78332d3ad329d088270d518819bcb1c94bb770b0ab0b03625a637ab70ab2ec5_amd64",
          "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:6ee402228287e1bc1ba025ef897e064d228137bd92c4c8db25c15d829b95168e_s390x",
          "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:71314cc8315eccd746b0527442c7307b9758e90ac3ab2c1026df33b35a46d308_ppc64le",
          "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:b721c2ffbea8066a6f3024486c80b443d2d3db5118b97942560a74b6e1db1915_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-22482"
        },
        {
          "category": "external",
          "summary": "RHBZ#2160492",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160492"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-22482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22482"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc"
        }
      ],
      "release_date": "2023-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
            "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
            "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0466"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:2552a77174faf3983df086ce96257f4a650ba56cdb9565317c06bfe152389fdf_amd64",
            "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:a0b0614edfeb29f866cf0939f907a0dc65319b35222d5b020bcdce6ce0d507ee_s390x",
            "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:c93f9f51ae0dbd0d09332acb52efd6d0663b28760c3f4002a895f183b0b108cd_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ArgoCD: JWT audience claim is not verified"
    }
  ]
}

