Issued:: 2023-03-23
Updated:: 2023-03-23

RHSA-2023:1453 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Red Hat OpenShift GitOps security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat OpenShift GitOps 1.6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Security Fix(es):

ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenShift GitOps 1.6 x86_64
Red Hat OpenShift GitOps for IBM Power, little endian 1.6 ppc64le
Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.6 s390x

Fixes

BZ - 2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

ppc64le

openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044

openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50

openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81

openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe

openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa

s390x

openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918

openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4

openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11

openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2

openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4

x86_64

openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3

openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc

openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6

openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86

openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046

openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation