rhsa-2024_2816
Vulnerability from csaf_redhat
Published
2024-05-10 19:16
Modified
2024-09-18 13:42
Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Errata Advisory for Red Hat OpenShift GitOps v1.12.2.
Security Fix(es):
* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).
* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.
2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.
3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.
4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.
5. Another fix to enable scheduling console-plugin workloads on Infra nodes.
6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.
7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.12.2.\n\nSecurity Fix(es):\n\n* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).\n\n* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.\n\n2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.\n\n3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.\n\n4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.\n\n5. Another fix to enable scheduling console-plugin workloads on Infra nodes.\n\n6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.\n\n7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2816",
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html",
"url": "https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html"
},
{
"category": "external",
"summary": "https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html",
"url": "https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2275189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275189"
},
{
"category": "external",
"summary": "GITOPS-3736",
"url": "https://issues.redhat.com/browse/GITOPS-3736"
},
{
"category": "external",
"summary": "GITOPS-3947",
"url": "https://issues.redhat.com/browse/GITOPS-3947"
},
{
"category": "external",
"summary": "GITOPS-4226",
"url": "https://issues.redhat.com/browse/GITOPS-4226"
},
{
"category": "external",
"summary": "GITOPS-4303",
"url": "https://issues.redhat.com/browse/GITOPS-4303"
},
{
"category": "external",
"summary": "GITOPS-4358",
"url": "https://issues.redhat.com/browse/GITOPS-4358"
},
{
"category": "external",
"summary": "GITOPS-4496",
"url": "https://issues.redhat.com/browse/GITOPS-4496"
},
{
"category": "external",
"summary": "GITOPS-4513",
"url": "https://issues.redhat.com/browse/GITOPS-4513"
},
{
"category": "external",
"summary": "GITOPS-4543",
"url": "https://issues.redhat.com/browse/GITOPS-4543"
},
{
"category": "external",
"summary": "GITOPS-4645",
"url": "https://issues.redhat.com/browse/GITOPS-4645"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2816.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update",
"tracking": {
"current_release_date": "2024-09-18T13:42:47+00:00",
"generator": {
"date": "2024-09-18T13:42:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:2816",
"initial_release_date": "2024-05-10T19:16:32+00:00",
"revision_history": [
{
"date": "2024-05-10T19:16:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-10T19:16:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T13:42:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.12",
"product": {
"name": "Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.2-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.2-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64 as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"relates_to_product_reference": "8Base-GitOps-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
"product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
},
{
"acknowledgments": [
{
"names": [
"Michael Crenshaw"
]
}
],
"cve": "CVE-2024-31990",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2024-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275189"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD. The API server does not enforce project sourceNamespaces, which can allow an attacker to use the UI to edit resources which should only be mutable via gitops.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argo-cd: API server does not enforce project sourceNamespaces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31990"
},
{
"category": "external",
"summary": "RHBZ#2275189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275189"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31990"
}
],
"release_date": "2024-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2816"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:23399344b865d1db11bcf2b74d021dbfac707ccf2722e5fc0da3511eaa48130d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:251d05db9b6a9a626d0086dcf85e3bb8225e64a1cb0148c978b1ee3527d12375_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:33f1f01b97f90da1fb3138b3b1db86dc05126d735680767f84059507fac2096c_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8c2c40cd200cce09738a49ff145832e690e7554ca45654f35f60f495142cca34_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3d5674747ac23b12acf91e27840fd12b17238496ae35e6da1d542384a0ea36cf_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:8dbd73933f9cced7e580927d02e4e6e33216a8c1d667bd782ebf615fca0d97f6_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:a9d112fe811e101f4fce4a813690aa11198fcef50494bb89f44b61b828e0e0ec_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:f8243ed3de6cfb18c3ef0c8fdee38e0299555aa1a7281d1819cf0170798df68f_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:430fb91e9a2cd14b137906055e9e8ecc01565d6f8ee8ed92674df8b5333701fd_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:5698dd6e2c6c5ac2b49ac57892a19e3824896400590aa83b9431f22564b79210_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b864774b472a9d3bfa3dd89ad2adea8e63b1732ae6f2e14a5436e06e5aaf56eb_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:dd392ae925a7d653c8d094e533f73c56193458dc017eacd60f6225638ca5dcb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:322b5eac54a36a69c0d1749f9c6a0d03cf3faee1a2b1a09cba8c574d65f77195_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:5350ce75a769f8c4918a5e218f93e62402ac4d879e3e4a1c4324f3cd7029ea5d_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:539128ab62b677a27fae6c0b6bb47bac971bbb8b7c04160611a48dbfbc29b323_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:825605739b945e56322e9d74dcb130a6615a55d43eaa4c88ad6241e4e24d3f4c_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:979af763119468cc4a8923b7c990273dbff274f53f64ff3d27b1505326442425_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:0167f73c8281d35a4802d83a3b91ffb6f15de0996a2a1964adc9d830a7b53360_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:4d8b5466648852aa7a5644186b7881ce6c22ca71592a34f1cdc6d29a5b5d0f5d_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:713dd3b04041f3d48e9d5826c665f421bd650fb828aa65efff31e01bcdd30f5e_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:c6db9a93c024b68604bb2fdab055b9f9544302e7660cd4ea71a31c12d678d25d_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:447160e9a36521f977e9ef519aed5bb410ee7f1dc17f35243e8c319480d882d6_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:75d1db21f1281631e932c06ca99c026d271cf2fe6bee00313fdc3c2196fa5485_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:8ac7b3fd6edc96e2c6fe6f6c232102d433afe691b1afb3ea5e682f4a8bcb7c62_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:f33ff06f272f8a55f39d60aef698eb4dc75512f319a70a73eccfc8f905da64e2_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:03ef00d6c7b2e4f20ccdbb0ace77c48c6dc94eb3c9334958e950a70d17435654_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:38c90f88f4d6e4e4bd7325687e04a98e47d75db2164e0adfb77cd7947bb706aa_ppc64le",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:5f0bd1f47bb37e6911d72b1a2fa10fcbae7d07caecc6546def8e754ea04c729f_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:e0a81b48335d4f6f9ced10ae2d7b9d054ca6b8ea9854b9965789ac731ebd8eb2_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:3479df92b2563ba57ab864834d5a93566a893f5bbb74dfd8943cbae4413ada02_amd64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:34a3d6ac0c9369b3905ecb98e13c5d85c511a10a545b79246089054e1a6dc17a_s390x",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:bdea754c9fae794f050ea1006e090c0526a6bd969a0380bc1ad0db1bf0fdd871_arm64",
"8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:de61c3a123104d8ce06b29c241970e92f316ecd3d678222c88299fae885d389a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "argo-cd: API server does not enforce project sourceNamespaces"
}
]
}
Loading...