Red Hat Product Errata RHSA-2024:1441 - Security Advisory
Issued:
2024-03-20
Updated:
2024-03-20

RHSA-2024:1441 - Security Advisory

Synopsis

Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.0 security update

Type/Severity

Security Advisory: Important

Topic

An update is now available for Red Hat OpenShift GitOps v1.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Errata Advisory for Red Hat OpenShift GitOps v1.12.0.

Security Fix(es):

  • argo-cd: XSS vulnerabilityin application summary component (CVE-2024-28175)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift GitOps 1.12 for RHEL 9 x86_64
  • Red Hat OpenShift GitOps 1.12 for RHEL 8 x86_64
  • Red Hat OpenShift GitOps for IBM Power, little endian 1.12 ppc64le
  • Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.12 s390x
  • Red Hat OpenShift GitOps for ARM 64 1.12 for RHEL 9 aarch64
  • Red Hat OpenShift GitOps for ARM 64 1.12 for RHEL 8 aarch64

Fixes

  • BZ - 2268518 - CVE-2024-28175 argo-cd: XSS vulnerability in application summary component
  • GITOPS-2304 - Notifications should be configurable via CR
  • GITOPS-2677 - [Dynamic Plugin] Environments card lingers after deletion
  • GITOPS-2746 - [Bug] Dynamic plugin does not handle cleanup well
  • GITOPS-2867 - ArgoCD notifications not using correct repo-server service
  • GITOPS-3581 - Updating password of default ArgoCD admin user does not have intended effect.
  • GITOPS-3617 - Create Job from Cronjob feature failing with error cannot create resource "jobs"
  • GITOPS-3618 - Notification GA
  • GITOPS-3754 - Support applicationsets in any namespace
  • GITOPS-3762 - Expand argocd-server permissions to manage applicationsets
  • GITOPS-3935 - Add support for using wildcard chars in sourceNamespaces for ArgoCD Operator
  • GITOPS-4016 - Add support for changing log level of manager
  • GITOPS-4180 - [Bug-RC v1.12.0-3] Helm version not updated
  • GITOPS-4182 - [Bug-RC v1.12.0-3] Missing `.metadata.name` field while creating argocd instance
  • GITOPS-4183 - [Bug RC-v1.12.0-3] `Create Job` from ArgoCD UI fails
  • GITOPS-4186 - [Bug-RC-v1.12.0-7] Helm version mismatch
  • GITOPS-4130 - Implement new custom resource for Notifications configuration

aarch64

openshift-gitops-1/argo-rollouts-rhel8@sha256:589c46f1f84ca37ffc5056664cbb2b8e3088c909ba692e6eb417c5e48b0b6ea2
openshift-gitops-1/argocd-rhel8@sha256:696c295db4d9361bd51a3717dc9be30dcff8fe987a69681887f507fce363f0c0
openshift-gitops-1/argocd-rhel9@sha256:10cab4a6326e29f823c80a517579d6bcebc9748b6d6d3263d652cd99a5e0dae2
openshift-gitops-1/console-plugin-rhel8@sha256:0856ba2cd85a65096a347430c3f5485b3d187676ed504fa51c4d810da541cf27
openshift-gitops-1/dex-rhel8@sha256:905129bd083d122e33286838a86a698d885c2836fbb406e2f536ea9ea143cbe2
openshift-gitops-1/gitops-rhel8@sha256:6c1ffb8fc7f7390761211b251804e581028683190f93fb40d0b7c35ec3750836
openshift-gitops-1/gitops-rhel8-operator@sha256:e2ea24a3e0795955166f479ef8545268056997a62f556b56c2a3211732c6791a
openshift-gitops-1/kam-delivery-rhel8@sha256:d638a775bc9c6e762a18ce0560433124156dd04173a7efd13cd853de6e963c27
openshift-gitops-1/must-gather-rhel8@sha256:5da50a56663ac92c55cd0d544db04489ce2ba75c094152d56ce3c07c3f05ad2f

ppc64le

openshift-gitops-1/argo-rollouts-rhel8@sha256:23dea23bb02398d4f0603d4dd1453e6538e215f219581be3df32195db77d52c5
openshift-gitops-1/argocd-rhel8@sha256:8cb78b85acbdc3a2cae1f69111459cbef89b267dcd7a6eb258294fe511b0bb1c
openshift-gitops-1/console-plugin-rhel8@sha256:35b9a9e3733386db48c6e4f712e67391cb773242c778b91f9039750d70639bf6
openshift-gitops-1/dex-rhel8@sha256:a898eae11184e7e1988c79eece786794799066c1bd9c2c527331d8ea741ba24a
openshift-gitops-1/gitops-rhel8@sha256:a8cac5416ebc0528347507b4083cdbdb76c8ecb5f2c1a0d7580847ae33903036
openshift-gitops-1/gitops-rhel8-operator@sha256:adeb0ff5dafd71aff367577ef12333e38d6a78f749cc264b469119cfaea8746b
openshift-gitops-1/kam-delivery-rhel8@sha256:0a7cd1e4d604c307caff702c2cf711c38408420931b08bc9af229ac4a98df445
openshift-gitops-1/must-gather-rhel8@sha256:c104543c300865dcb1c9407cb56f6af1f29b1bb21f77debdc520a6a72d9dff71

s390x

openshift-gitops-1/argo-rollouts-rhel8@sha256:b48b411238c378711308662f564c4fc3c4cd01f34cfd84db3d6acfad542d75a7
openshift-gitops-1/argocd-rhel8@sha256:81368be3ab45e859dfa16d4c4edda6b26bca73cb139dfd5c881fbdb47f63561d
openshift-gitops-1/console-plugin-rhel8@sha256:8ad7ff412448cc284d359276aa2dbd65bf9e74d2cf8acb4288377698896dad3a
openshift-gitops-1/dex-rhel8@sha256:43b90f34345634fe435a6388eaa1fd21d7cc3e461a3a800bdbe981a2b8bc8188
openshift-gitops-1/gitops-rhel8@sha256:904000843e5ed6f5cc312b78c8205c34174e04739f0795d2a41c275b0ba5afa5
openshift-gitops-1/gitops-rhel8-operator@sha256:13eb0110861b96f5379eff1ca55a3901d29441a0b5fcd8147b32541a045fd1ab
openshift-gitops-1/kam-delivery-rhel8@sha256:00adf47877aa2d626503fe010d3f4a8de57b791b99880286e6f6181106c615ec
openshift-gitops-1/must-gather-rhel8@sha256:c3271f5067b347b69e15e451a47ce3fa906f823e8df649b5838a5fc2c92c8794

x86_64

openshift-gitops-1/argo-rollouts-rhel8@sha256:86498b25f993730dbbc998a3e656efc1ad190bbdbf6b82ca32baa42187f16a4d
openshift-gitops-1/argocd-rhel8@sha256:6ba83aab265e6939d438046144084636b3864e015991e3b94f152369154b48f4
openshift-gitops-1/argocd-rhel9@sha256:1a3a345e4b179beeb486fcbb88bace058a98ad25353e0c62c42174e8a5e21148
openshift-gitops-1/console-plugin-rhel8@sha256:ff944e86886a24c422d1631a7fc5863f1cab471c5f9620f71b10c80d58153e1a
openshift-gitops-1/dex-rhel8@sha256:89d842bd5c2e43682e9af0adbbaa7de5ba0677df8404cdf03f5246f00cd170a8
openshift-gitops-1/gitops-operator-bundle@sha256:3fa644bec41139a112afab1213c66ca234b57ab2314066d1c758a36f091d9497
openshift-gitops-1/gitops-rhel8@sha256:14ea7dd3f4ac63a554da457318968b62e8cce78442215591ec9501797a365424
openshift-gitops-1/gitops-rhel8-operator@sha256:b47116db28d6584ea80f61e4de15b720be0f27cb6e24089da7234973dd16ba39
openshift-gitops-1/kam-delivery-rhel8@sha256:a3ab6b4c0b1d05a5e22582b38b06816743534dae4e0a81c87f89e88559c8caaa
openshift-gitops-1/must-gather-rhel8@sha256:8eda7612a62cc144d83ed150974a0bc88f3409ea02ecd9f4c25a0159a6d9e150

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.