Issued:: 2024-02-05
Updated:: 2024-03-22

RHSA-2024:0692 - Security Advisory

Overview
Updated Images

Synopsis

Critical: Errata Advisory for Red Hat OpenShift GitOps 1.10.2 security update

Type/Severity

Security Advisory: Critical

Topic

An update is now available for Red Hat OpenShift GitOps v1.10.2.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

RErrata Advisory for Red Hat OpenShift GitOps v1.10.2.

Security Fix(es):

argo-cd: vulnerable to a cross-server request forgery (CSRF)

attack (CVE-2024-22424)

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)
go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenShift GitOps 1.10 x86_64
Red Hat OpenShift GitOps for IBM Power, little endian 1.10 ppc64le
Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.10 s390x
Red Hat OpenShift GitOps for ARM 64 1.10 aarch64

Fixes

BZ - 2258143 - CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
BZ - 2258165 - CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
BZ - 2259105 - CVE-2024-22424 argo-cd: vulnerable to a cross-server request forgery (CSRF) attack

References

aarch64

openshift-gitops-1/argo-rollouts-rhel8@sha256:176051467cd043fb8be19f955774b7d86db1e8e04c2b696fdba1f2bf38607ba2

openshift-gitops-1/argocd-rhel8@sha256:6a5b94652937a1e328f2a696ec16a9f6cd46e3f9d80c0e37d2b8a65a3f6b7c94

openshift-gitops-1/console-plugin-rhel8@sha256:1cee897edd81a6074b9f419830bf827d26d57c2e92985ab173523fafd29d43d9

openshift-gitops-1/dex-rhel8@sha256:07a4fa68489c0c0a9146a86d459467b572701e90615ac464aef0bd004c023e35

openshift-gitops-1/gitops-rhel8@sha256:1cd5828e815804cd263b03943845d86b50af6e83e50862a2f9afa5d68502df45

openshift-gitops-1/gitops-rhel8-operator@sha256:4b9fabb5a3b6dca56f224e949ed896ebda71e0a95f84eefa0513131e4fc7be13

openshift-gitops-1/kam-delivery-rhel8@sha256:9426722272fa084e9a65218e11b70ed80c7ce3a614a65f1b0d67b6820edc09de

openshift-gitops-1/must-gather-rhel8@sha256:595524a658d71e31dca3a58d0b88769e34a8283980744984ec4105460515bd81

ppc64le

openshift-gitops-1/argo-rollouts-rhel8@sha256:e01da16ac5214203a64214949fc6cfc594dd2ba7735e4b87164307d49826b06d

openshift-gitops-1/argocd-rhel8@sha256:1e6c0ade5679cef406fa40d60dbe33d43cee40c63cc26340cf134fd6f27bbf2f

openshift-gitops-1/console-plugin-rhel8@sha256:6bc125652fcbe50f1a4e6b575e964ce32c79cdab0f2ac2f67e9823c99b5bb8cc

openshift-gitops-1/dex-rhel8@sha256:897dd9a0a82aa69f2f199133d2e2c02c3b3572ff77de69da5ea09041f6d986fe

openshift-gitops-1/gitops-rhel8@sha256:84b7f4574e1b0dd6df243c0d0f2cb0fbee7c86b85ba377e800f8381ed283391e

openshift-gitops-1/gitops-rhel8-operator@sha256:7a459bb0e75f6fa50dad469f3cc4f0dae4f47c49aa30c7c5db7cd5d866dd3bbd

openshift-gitops-1/kam-delivery-rhel8@sha256:32c8bf92454a20f6e0f7458f781acaa807f4943ad74b6c5d005db441166290b0

openshift-gitops-1/must-gather-rhel8@sha256:34659d09f4fa02893009641926ae256d21a6bf5632263719c488803bfaa261c4

s390x

openshift-gitops-1/argo-rollouts-rhel8@sha256:0d7f359ac63b8a4409990cfe083ca23a108fd3f6ea8d1bd36c6566181d9dcd8a

openshift-gitops-1/argocd-rhel8@sha256:5533770b712f4be8cbeb9e9333d6ca965f3399b2f95000ec25b79e15cb3d2488

openshift-gitops-1/console-plugin-rhel8@sha256:d409129e5af678a5a8073b8a973556944c05701a6f8a1c128fb7613b6998b15c

openshift-gitops-1/dex-rhel8@sha256:84974ed36e68173fc02e18159240b019cc0fbf9409e99e32ca9138750f0a03b3

openshift-gitops-1/gitops-rhel8@sha256:62982ae8c97406319475b6ecac08405103647fa260d1d8ffb615c10ed96e9823

openshift-gitops-1/gitops-rhel8-operator@sha256:24957afa1e02946318a742bd0d8a952480eef95191a7042acf3bd2d5acaba1a4

openshift-gitops-1/kam-delivery-rhel8@sha256:194c7209f7423288d0a7d219165f367561356bc0f1a9dd08452e4e8b23d4d046

openshift-gitops-1/must-gather-rhel8@sha256:1f7304d7790306cabf52a938573f4d356e529f3317495ac724a75e4012ed387b

x86_64

openshift-gitops-1/argo-rollouts-rhel8@sha256:0f7bfd12844a8a085389f1e83710771bbb773c45b4831db097baf3f9ee6fbfea

openshift-gitops-1/argocd-rhel8@sha256:553cce4966543b941e25502d6bd6f206e16ff6719c6293c928427551032ea39f

openshift-gitops-1/console-plugin-rhel8@sha256:b7fa6ddd7db480c140c0915e2eace3bbe2908e6976c9c326ca3895c5e28a26ef

openshift-gitops-1/dex-rhel8@sha256:ef48a70c736ca8e34f47ed22faea4661dbbee4599ea2ee3eecfb5a8b36c7cf28

openshift-gitops-1/gitops-operator-bundle@sha256:068284fc4f37d48851394b4f966065cec1abb8b8f291f147a02d932f151bd5bd

openshift-gitops-1/gitops-rhel8@sha256:736e44bfa058eb2daa436d657def53198269b1017e0a4f188ce3361ded6289ea

openshift-gitops-1/gitops-rhel8-operator@sha256:3effdb2fffcce607ceca00b06198b01377f5a3d504a23f0e4d797a41589ee5d5

openshift-gitops-1/kam-delivery-rhel8@sha256:1cf22055695a55462fd1701f61fdea77162c6c601248b82ee4e688dfb76b1949

openshift-gitops-1/must-gather-rhel8@sha256:ee1aec3cfa415a2135797d4beb1795948c98ecdc0e568b9c6f8c3d8bc31eb1ae

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation