Red Hat Product Errata RHSA-2024:4891 - Security Advisory
Issued:
2024-07-26
Updated:
2024-07-26

RHSA-2024:4891 - Security Advisory

Synopsis

Important: Errata Advisory for Red Hat OpenShift GitOps v1.13.1 security update

Type/Severity

Security Advisory: Important

Topic

An update is now available for Red Hat OpenShift GitOps v1.13.1. Red Hat
Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Errata Advisory for Red Hat OpenShift GitOps v1.13.1.

Security Fix(es):

  • openshift-gitops-argocd-container: Unauthenticated Denial of Service Vulnerability via /api/webhook Endpoint in Argo CD [gitops-1.13](CVE-2024-40634)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • In argoCD Version 2.11.3 webhook api endpoint is not working for Bitbucket and Azure DevOps

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift GitOps 1.13 for RHEL 9 x86_64
  • Red Hat OpenShift GitOps 1.13 for RHEL 8 x86_64
  • Red Hat OpenShift GitOps for IBM Power, little endian 1.13 for RHEL 9 ppc64le
  • Red Hat OpenShift GitOps for IBM Power, little endian 1.13 for RHEL 8 ppc64le
  • Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.13 for RHEL 9 s390x
  • Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.13 for RHEL 8 s390x
  • Red Hat OpenShift GitOps for ARM 64 1.13 for RHEL 9 aarch64
  • Red Hat OpenShift GitOps for ARM 64 1.13 for RHEL 8 aarch64

Fixes

  • GITOPS-5045 - in argoCD Version 2.11.3 webhook api endpoint is not working for Bitbucket and Azure DevOps

aarch64

openshift-gitops-1/argo-rollouts-rhel8@sha256:204979b5d35350c0f055d9203a6ba2260b3240a5ecee5f9bb43f5468076a69f3
openshift-gitops-1/argocd-rhel8@sha256:8814381fb164cc04ff0764a45c4ab36bbf95c64950c6667e78ba3b7dbef85a57
openshift-gitops-1/argocd-rhel9@sha256:47bf94148d5c374326ebf24e0a5e5a2eefd57f8cd55611e1b9bca787d5690992
openshift-gitops-1/console-plugin-rhel8@sha256:01159dc5aad803a0812003320a9cca4b23a34e8b1d037dbe5437b064a41a5a33
openshift-gitops-1/dex-rhel8@sha256:63625a8587f9836d55817fbefce372cf294ce5ed3c7d0c4ca1738762aef0b892
openshift-gitops-1/gitops-rhel8@sha256:bda876b4b557ab3e1a0a9d422d784eeb8bd830cb988932eb9b0f6388631ad738
openshift-gitops-1/gitops-rhel8-operator@sha256:26796accb8e20fc14ea607742a828818cfad7d32a390f71c6cd9ea8e20079f85
openshift-gitops-1/kam-delivery-rhel8@sha256:731ef52b2be3f011a77d153740e3eac09f84e5098f7fbf78584c399d498a9f8d
openshift-gitops-1/must-gather-rhel8@sha256:bfb27b8b743b72b93a8e92db93a11a589ee17cdef2d94bdfeeda4c79a20862c4

ppc64le

openshift-gitops-1/argo-rollouts-rhel8@sha256:1597d12f5d487572ecd9afe88e512e1f620599a6a47312cdb0e5ea6fcc4c9b36
openshift-gitops-1/argocd-rhel8@sha256:343c542d45bf52fda4742183d60422d36c15615105f990a180fee0b15dcd82d0
openshift-gitops-1/console-plugin-rhel8@sha256:5e2c4a47afa8f147b140abac309cdb1f6c92186170a0180f76acff3526557fde
openshift-gitops-1/dex-rhel8@sha256:94a08e73f086c275689d3b0da814f7cda6f011a991db0aa1312d3f025d866924
openshift-gitops-1/gitops-rhel8@sha256:ba0877e9ea66210a3a47d33369919e425b3e39879832d0425971af56b04da716
openshift-gitops-1/gitops-rhel8-operator@sha256:f010f82179b4081c06c367227211252b1cdcf664b90da44a0cba15e0000f110a
openshift-gitops-1/kam-delivery-rhel8@sha256:ca6139f39423508388f5f8493430113e343e41b4215560b48d7ccb088ab05f1a
openshift-gitops-1/must-gather-rhel8@sha256:5444ffeeeac5446b3212b06d99256e736048e876125fc65753ce6de9017c25fd

s390x

openshift-gitops-1/argo-rollouts-rhel8@sha256:7a90a484902bfc7148217914cd65f0a1d7e79218a238abc479a6d9ccef96f4cf
openshift-gitops-1/argocd-rhel8@sha256:8738e84b087318aa8b9a3d2fa851e018897af0b646de58cde3be0861c3a2b3fd
openshift-gitops-1/console-plugin-rhel8@sha256:f241386d6775eda56cc4965fc798b3c955c8ad37fbab5c0b9d2a047322df3c8c
openshift-gitops-1/dex-rhel8@sha256:7b5b7193324c2bf732cb5680b08344d80c6fc36f0994c7f672e8a494e02c5af6
openshift-gitops-1/gitops-rhel8@sha256:4b1708affdaeb5e9916da886b1fe9819e2ff05950e462ce34222a426e66a581e
openshift-gitops-1/gitops-rhel8-operator@sha256:25424a9311ba9557e8d07bb199a3bf4a341c5d86be36417728687b417c52cfbf
openshift-gitops-1/kam-delivery-rhel8@sha256:fe61e21f90bdfa11451947a3f4ab59adc0e9056414ffdfdfedf7ad79a94c617a
openshift-gitops-1/must-gather-rhel8@sha256:ed9f5f7d1db149ff01c4d545728008ee9c0eee77b1f5feede99b68ba8b56c0fa

x86_64

openshift-gitops-1/argo-rollouts-rhel8@sha256:19f678df553293e30b56f28ed32e90f72648649a5d5b89c4be59dcf912c6e9fa
openshift-gitops-1/argocd-rhel8@sha256:65bcc82d88275ce84eb21c2a88a6f4d32bbb8c5e28d34e7de4ee19cc3dddedac
openshift-gitops-1/argocd-rhel9@sha256:3cfd0ec979b85445f44648d03118591e3c87f6502a33e27812955151151a9654
openshift-gitops-1/console-plugin-rhel8@sha256:a8399eae8d0e6810a1a340bb80df08ae49ff1c0eff4eea39c8c929ef5a5d6e37
openshift-gitops-1/dex-rhel8@sha256:983356f0dbd9205281f335f3eb3fe2b6d9a82559d0329f622e3d309974fd7ef2
openshift-gitops-1/gitops-operator-bundle@sha256:b19fb714784fa74033214d26a368ec13b26452772c0c0384c569c266392234bd
openshift-gitops-1/gitops-rhel8@sha256:e36a69825f19867f5f455816f9aca377ae0572f32729ab035b66adce8bcef70c
openshift-gitops-1/gitops-rhel8-operator@sha256:738ad84244e4845d985d3f211f3bdc887b89ca562d54909042813c2291345ce2
openshift-gitops-1/kam-delivery-rhel8@sha256:0c8ce44b0860558edb8e8cc27e9c54b92b34b6b3517f4f357455085eb3d9d30d
openshift-gitops-1/must-gather-rhel8@sha256:a20821b1e70daa6d6c89d477584ef65ec421eb0e76a9fca6d00e74d2bed620ef

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.