csaf_redhat - rhsa-2023

rhsa-2023_0467

Vulnerability from csaf_redhat

Published

2023-01-25 20:31

Modified

2024-09-16 10:08

Summary

Red Hat Security Advisory: Red Hat OpenShift GitOps security update

Notes

Topic

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) * ArgoCD: authorization bypass (CVE-2023-22736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)\n\n* ArgoCD: authorization bypass (CVE-2023-22736)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0467",
        "url": "https://access.redhat.com/errata/RHSA-2023:0467"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html",
        "url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2160492",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160492"
      },
      {
        "category": "external",
        "summary": "2162517",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162517"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_0467.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
    "tracking": {
      "current_release_date": "2024-09-16T10:08:19+00:00",
      "generator": {
        "date": "2024-09-16T10:08:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:0467",
      "initial_release_date": "2023-01-25T20:31:53+00:00",
      "revision_history": [
        {
          "date": "2023-01-25T20:31:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-01-25T20:31:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T10:08:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift GitOps 1.7",
                "product": {
                  "name": "Red Hat OpenShift GitOps 1.7",
                  "product_id": "8Base-GitOps-1.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift GitOps"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
                  "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-22482",
      "discovery_date": "2023-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2160492"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ArgoCD. GitOps is vulnerable to an improper authorization bug where the API may accept invalid tokens. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn\u0027t properly validate the audience claim in such scenarios; if the ID provider used with ArgoCD is also being used with other audiences, it will accept tokens that may not be intended to access the ArgoCD cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ArgoCD: JWT audience claim is not verified",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-22482"
        },
        {
          "category": "external",
          "summary": "RHBZ#2160492",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160492"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-22482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22482"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc"
        }
      ],
      "release_date": "2023-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0467"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ArgoCD: JWT audience claim is not verified"
    },
    {
      "cve": "CVE-2023-22736",
      "discovery_date": "2023-01-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2162517"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Red Hat GitOps, which is vulnerable to an authorization bypass in ArgoCD. This flaw allows users to deploy applications outside the allowed namespaces. The issue happens due to a logic error when interpreting the comma-separated namespaces list. To complete the attack, the attacker must have enough privileges to update deployed applications.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "argocd: Controller reconciles apps outside configured namespaces when sharding is enabled",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects Red Hat GitOps version 1.7, as the vulnerability was introduced in ArgoCD-2.5.\nThis vulnerability affects only deployments with \"apps-in-any-namespace\" feature by setting application.namespaces in the argocd-cmd-params-cm ConfigMap or otherwise setting the --application-namespaces flags on the Application controller and API server components.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-22736"
        },
        {
          "category": "external",
          "summary": "RHBZ#2162517",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162517"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-22736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22736"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22736",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22736"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw"
        }
      ],
      "release_date": "2023-01-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0467"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "argocd: Controller reconciles apps outside configured namespaces when sharding is enabled"
    }
  ]
}

cve-2023-22482

Vulnerability from cvelistv5

Published

2023-01-25 18:25

Modified

2024-08-02 10:13

Severity

9.0 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

JWT audience claim is not verified

References

URL	Tags
https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc	x_refsource_CONFIRM

Impacted products

Vendor	Product
argoproj	argo-cd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.8.2, \u003c 2.3.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.4.0-rc1, \u003c 2.4.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.5.0-rc1, \u003c 2.5.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.6.0-rc1, \u003c 2.6.0-rc3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3  are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD\u0027s configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD\u0027s configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token\u0027s `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-25T18:25:15.287Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc"
        }
      ],
      "source": {
        "advisory": "GHSA-q9hr-j4rf-8fjc",
        "discovery": "UNKNOWN"
      },
      "title": "JWT audience claim is not verified"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-22482",
    "datePublished": "2023-01-25T18:25:15.287Z",
    "dateReserved": "2022-12-29T17:41:28.088Z",
    "dateUpdated": "2024-08-02T10:13:48.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22736

Vulnerability from cvelistv5

Published

2023-01-26 03:35

Modified

2024-08-02 10:13

Severity

8.5 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled

References

URL	Tags
https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw	x_refsource_CONFIRM

Impacted products

Vendor	Product
argoproj	argo-cd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:50.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.5.0=rc1, \u003c 2.5.8"
            },
            {
              "status": "affected",
              "version": "= 2.6.0-rc4, \u003c 2.6.0-rc5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-. Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource. This bug only applies to users who have explicitly enabled the \"apps-in-any-namespace\" feature by setting `application.namespaces` in the argocd-cmd-params-cm ConfigMap or otherwise setting the `--application-namespaces` flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory\u0027s publish date. The bug is also limited to Argo CD instances where sharding is enabled by increasing the `replicas` count for the Application controller. Finally, the AppProjects\u0027 `sourceNamespaces` field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace. A patch for this vulnerability has been released in versions 2.5.8 and 2.6.0-rc5. As a workaround, running only one replica of the Application controller will prevent exploitation of this bug. Making sure all AppProjects\u0027 sourceNamespaces are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-26T03:35:27.309Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw"
        }
      ],
      "source": {
        "advisory": "GHSA-6p4m-hw2h-6gmw",
        "discovery": "UNKNOWN"
      },
      "title": "argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-22736",
    "datePublished": "2023-01-26T03:35:27.309Z",
    "dateReserved": "2023-01-06T14:21:05.892Z",
    "dateUpdated": "2024-08-02T10:13:50.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2023_0467

Vulnerability from csaf_redhat

cve-2023-22482

Vulnerability from cvelistv5

cve-2023-22736

Vulnerability from cvelistv5

Tags