rhsa-2023_0467
Vulnerability from csaf_redhat
Published
2023-01-25 20:31
Modified
2024-09-16 10:08
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Security Fix(es):
* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)
* ArgoCD: authorization bypass (CVE-2023-22736)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)\n\n* ArgoCD: authorization bypass (CVE-2023-22736)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0467", "url": "https://access.redhat.com/errata/RHSA-2023:0467" }, { "category": "external", "summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html", "url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2160492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160492" }, { "category": "external", "summary": "2162517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162517" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_0467.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-09-16T10:08:19+00:00", "generator": { "date": "2024-09-16T10:08:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:0467", "initial_release_date": "2023-01-25T20:31:53+00:00", "revision_history": [ { "date": "2023-01-25T20:31:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-25T20:31:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T10:08:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": 
"final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.7", "product": { "name": "Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "product": { "name": 
"openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "product": { 
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.1-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.1-2" } } }, { "category": 
"product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.1-2" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x", "product_id": 
"openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", 
"product_id": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.1-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.1-2" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": 
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le" }, "product_reference": 
"openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", 
"relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-22482", "discovery_date": "2023-01-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160492" } ], "notes": [ { "category": "description", "text": "A flaw was found in ArgoCD. GitOps is vulnerable to an improper authorization bug where the API may accept invalid tokens. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. 
ArgoCD doesn\u0027t properly validate the audience claim in such scenarios; if the ID provider used with ArgoCD is also being used with other audiences, it will accept tokens that may not be intended to access the ArgoCD cluster.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: JWT audience claim is not verified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" ], "known_not_affected": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-22482" }, { "category": "external", "summary": "RHBZ#2160492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-22482", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22482" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482" }, { "category": "external", "summary": 
"https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc" } ], "release_date": "2023-01-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0467" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "ArgoCD: JWT audience claim is not verified" }, { "cve": "CVE-2023-22736", "discovery_date": "2023-01-19T00:00:00+00:00", "flags": [ { 
"label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", 
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2162517" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat GitOps, which is vulnerable to an authorization bypass in ArgoCD. This flaw allows users to deploy applications outside the allowed namespaces. The issue happens due to a logic error when interpreting the comma-separated namespaces list. To complete the attack, the attacker must have enough privileges to update deployed applications.", "title": "Vulnerability description" }, { "category": "summary", "text": "argocd: Controller reconciles apps outside configured namespaces when sharding is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only affects Red Hat GitOps version 1.7, as the vulnerability was introduced in ArgoCD-2.5.\nThis vulnerability affects only deployments that have the \"apps-in-any-namespace\" feature enabled, either by setting application.namespaces in the argocd-cmd-params-cm ConfigMap or by setting the --application-namespaces flag on the Application controller and API server components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" ], "known_not_affected": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:1aee3b28612788811761b00bcffb97f899643b1ed2d624c4f5c023f2920b9164_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:dd0451c26897a5e03632b073f0e5b2e10d9665f160e071cff66d065c87bc1662_s390x", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:f31c15b113daafc9f52c3f3027ded69c45e69868c0ec7f4d51e498de38551e31_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:441063b467825b620cec873df9edfc5895580c7cd35852d121d15ac8901dc35a_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:a765f97e626340b468f37693caf160b9960520d54694dd66251e3d6221769abd_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:d24444f16c81aeeed12c4bce743c66bd4e754beb3d22a7e95e0e541b6b308688_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:633538bbab3eb3e19e03ef72334547c8ac8456a5468822aab8afe4d5b05217ac_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:8290826e6b7d74c3128228469c4d65e7a888a748bb3ebfdc2a39e19e7a621e5d_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e042760919b6ccdc275f84bebd782155125ee059ebbbc81a61427ce2a41ea883_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e9baa10af98c0829ff5e1e34df62b19f7b75775fb80327610911a6ad74cdd041_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:139f2fe77640e8adfed2f94089863c6326f15eb7d346f66345dbee8aa296670c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:5cca52e075a7eb625170bec1c6c4b3cc9ca2e831548b12c38797cb2430b8286b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:acacaa3a5164793fd5b8be4dad07b256372ccab79c5a9ca8742f95a6529f6fec_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:28674aa8339f438392b8a22764454d8fe6b84824198168eebd654c67217f1e19_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:cb0c68dc9fd79ce19f32b3f58a98af084158b4254d7e2884f5036d66328baefe_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:df3b6cb8ae5c120c915415dcd087fc73135ba1da0963c071a581f62d73dc9e6c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-22736" }, { "category": "external", "summary": "RHBZ#2162517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162517" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-22736", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22736" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw" } ], "release_date": "2023-01-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0467" } ], 
"scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:5b2ffb708f897def6a30ce79bdd2a0752f9dc94604aa1cc00c3c09888d01dd9b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:697fe3260ad43dd554f6092346c3f0106af0215211771e9b2172de8d24fd53d0_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:cdda42e902ec80fa1011d50f0a92bfb1c4664eb2b7fc3c0973d0784f759b06b2_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argocd: Controller reconciles apps outside configured namespaces when sharding is enabled" } ] }
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.