Red Hat Product Errata RHSA-2024:4163 - Security Advisory
Issued:
2024-06-27
Updated:
2024-06-27

RHSA-2024:4163 - Security Advisory

Synopsis

Moderate: Errata Advisory for Red Hat OpenShift GitOps v1.12.4 security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat OpenShift GitOps v1.12.4. Red Hat
Product Security has rated this update as having a security impact of Moderate.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Errata Advisory for Red Hat OpenShift GitOps v1.12.4.

Security Fix(es):

  • openshift-gitops-argocd-container: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [gitops-1.12] (CVE-2024-24786)
  • openshift-gitops-argocd-container: helm: Dependency management path traversal [gitops-1.12] (CVE-2024-25620)
  • openshift-gitops-argocd-container: helm: Missing YAML Content Leads To Panic [gitops-1.12] (CVE-2024-26147)
  • OpenShift GitOps 1.12.1 is using 2 year old openshift4/ose-haproxy-router image
  • Multiple CVEs in openshift-gitops-redis container

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):

  • TLS termination policy for ArgoCD server route changed to reencrypt in version 1.12.3 blocking ArgoCD login

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift GitOps 1.12 for RHEL 9 x86_64
  • Red Hat OpenShift GitOps 1.12 for RHEL 8 x86_64
  • Red Hat OpenShift GitOps for IBM Power, little endian 1.12 ppc64le
  • Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.12 s390x
  • Red Hat OpenShift GitOps for ARM 64 1.12 for RHEL 9 aarch64
  • Red Hat OpenShift GitOps for ARM 64 1.12 for RHEL 8 aarch64

Fixes

  • BZ - 2264336 - CVE-2024-25620 helm: Dependency management path traversal
  • BZ - 2265440 - CVE-2024-26147 helm: Missing YAML Content Leads To Panic
  • BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
  • GITOPS-4758 - TLS termination policy for ArgoCD server route changed to reencrypt in version 1.12.3 blocking ArgoCD login

CVEs

  • CVE-2021-25220
  • CVE-2022-2795
  • CVE-2022-3094
  • CVE-2023-4408
  • CVE-2023-6597
  • CVE-2023-45288
  • CVE-2023-45289
  • CVE-2023-45290
  • CVE-2023-50387
  • CVE-2023-50868
  • CVE-2023-52425
  • CVE-2024-0450
  • CVE-2024-2961
  • CVE-2024-24783
  • CVE-2024-24786
  • CVE-2024-25062
  • CVE-2024-25620
  • CVE-2024-26147
  • CVE-2024-28834
  • CVE-2024-33599
  • CVE-2024-33600
  • CVE-2024-33601
  • CVE-2024-33602

References

  • https://access.redhat.com/security/updates/classification/#moderate

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
