rhsa-2023_0803
Vulnerability from csaf_redhat
Published
2023-02-17 03:46
Modified
2024-12-17 09:05
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
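* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be: both functions always return a string containing at least one digit from 0 to 9, which significantly reduces the entropy of short generated strings (CVE-2021-4238)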
* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)
* ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets, that is, cluster secrets beyond those their access is scoped to (CVE-2023-23947)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n\n* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)\n\n* ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets (CVE-2023-23947)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0803", "url": "https://access.redhat.com/errata/RHSA-2023:0803" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "2163037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037" }, { "category": "external", "summary": "2167819", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167819" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0803.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-12-17T09:05:33+00:00", "generator": { "date": "2024-12-17T09:05:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:0803", "initial_release_date": "2023-02-17T03:46:17+00:00", "revision_history": [ { "date": "2023-02-17T03:46:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-02-17T03:46:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T09:05:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red 
Hat OpenShift GitOps 1.7", "product": { "name": "Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "product_id": 
"openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "product": { "name": 
"openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.2-5" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": 
"openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": 
"openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.2-5" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "product_identification_helper": { "purl": 
"pkg:oci/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", 
"product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.2-5" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.2-5" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": 
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", 
"relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x as a component of Red Hat OpenShift 
GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x" }, "product_reference": 
"openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64 as a component of Red Hat OpenShift GitOps 1.7", "product_id": 
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "relates_to_product_reference": "8Base-GitOps-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le as a component of Red Hat OpenShift GitOps 1.7", "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4238", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156729" } ], "notes": [ { "category": "description", "text": "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ], "known_not_affected": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4238" }, { "category": "external", "summary": "RHBZ#2156729", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4238", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238" }, { "category": "external", "summary": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3839-6r69-m497", "url": "https://github.com/advisories/GHSA-3839-6r69-m497" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0411", "url": "https://pkg.go.dev/vuln/GO-2022-0411" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-17T03:46:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0803" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "goutils: RandomAlphaNumeric and 
CryptoRandomAlphaNumeric are not as random as they should be" }, { "cve": "CVE-2022-3064", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-01-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163037" } ], "notes": [ { "category": "description", "text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le" ], "known_not_affected": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3064" }, { "category": "external", "summary": "RHBZ#2163037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3064" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r", "url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5", "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4", "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0956", "url": "https://pkg.go.dev/vuln/GO-2022-0956" } ], "release_date": "2022-08-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-17T03:46:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0803" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents" }, { "cve": "CVE-2023-23947", "discovery_date": "2023-02-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", 
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167819" } ], "notes": [ { "category": "description", "text": "A flaw was found in ArgoCD. 
An improper authorization bug may allow an attacker who is able to update at least one cluster secret to change any other cluster secret. The attacker must know the URL for the targeted cluster and must additionally be authenticated to the ArgoCD API server with enough privileges to update at least one cluster. A successful attack may lead to privilege escalation or denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le" ], "known_not_affected": [ "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", 
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23947" }, { "category": "external", "summary": "RHBZ#2167819", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167819" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23947", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-23947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23947" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j" } ], "release_date": "2023-02-16T20:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-17T03:46:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0803" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:1162e57874f39e1edbed8db181ec06edef1585a2f643f0121fcdd291059345d8_s390x", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:98f30bf044386bb6343a266829e40b4fdc9bd83ad4f8139d103f939b5a527b7d_amd64", "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:eb9a7c5dcc7ef24a113743cbae3749830be6cf9116fffd591c8e244f47a5b3c8_ppc64le", 
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:243698a0d707846209c9fbdccfc27d856c69c7fedc986244e67e15b3753c376e_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:91462e656b5eb2a043dd47730bdf143eceb9f92f14dff3ea88f6a622e8cdbc1b_amd64", "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:d14e75f35f7379306ed5c2bdde1faedf5f2a9f2ddee9e7e287e9e4a488578997_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:599d4876fdd9154183ea550dedbd29e2f62bc54ebef39f863c4e6340caa321cc_amd64", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:87ea07546cd74311850546c8a798d49c6d206b6bf40971981d6c9449aeb5399c_s390x", "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:c113d9688c45115124e4b54e670ac23309214a8bbc7be45dd247e01144bada1b_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:ec0dba75d110318fe1513346982468591412b61e40e9dd8c9436f586977f0225_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b5cb00fc43571269aad5ecf0a778ec139a86ee5dcea0f9ab0f9aa8359a8cd544_s390x", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:bbf970d916e70f6c355a0f46d5aebac7a40bb7a8d0f3c88e54b4c9594a148609_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:e1ad747e6897f848bb678149f793381ba939580b6ea3d3e402862730e0167bbf_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:1bad76a860f3797db87162a6f5ecb62779211dff9aaefdce00cf18cff1eec04f_amd64", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:7847ed11dda4ee9dda0cc5acf4e1a2d53daee2f7eb1eeceed107d9f5f0eafdeb_ppc64le", "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:e8d07649283ee58baee5787fb91be7306a4647ceafda8e29e34c164910af5de0_s390x", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:0512e79564b78645f9f5c9eefb81c2c22f13a1b320dbd4eb5eb25f6c66096b25_s390x", 
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6239f8b5efd6839cd1dfc8f032b005cc5cefcb7a94dba9508d749cbbe7306e30_amd64", "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:6cb64efe25cd6c41abe9a58176ec103a9801a8e72594396988865995cef01279_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.