- Issued:
- 2025-09-04
- Updated:
- 2025-09-04
RHSA-2025:15387 - Security Advisory
Synopsis
Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift GitOps v1.15.4 release
Description
An update is now available for Red Hat OpenShift GitOps.
Security Fix(es): * openshift-gitops-1/argocd-rhel8: Project API Token Exposes Repository Credentials [gitops-1.15](CVE-2025-55190) * openshift-gitops-1/argocd-rhel9: Project API Token Exposes Repository Credentials [gitops-1.15](CVE-2025-55190) * openshift-gitops-1/gitops-operator-bundle: Project API Token Exposes Repository Credentials [gitops-1.15](CVE-2025-55190) * openshift-gitops-1/gitops-rhel8-operator: Project API Token Exposes Repository Credentials [gitops-1.15](CVE-2025-55190)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
CVEs
amd64
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:b79b74a5d78853eb8021375ad077e132637cd2f88a5563b8859718f023a5368d |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:adcfa7a4c045cc547d55762336d6c34ee394c3101b7427d88ac5b87d87fa8596 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:a55c05f8e440af77e097758e137890dd1243f9d7d0b5705ced2f0fa6d79c7fa0 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:76e5274765fe2fdf545676104a6b8c28a175f16e91c7dd0049017cfd6bf48ccb |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:131f05e52d3de9cb3e517d6df17026e63d9bb4d31902658e0fd35bd5f338aef7 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ebb0a00a617cba0786776de5671eaad6aef101a838fd3a1e2d6f4fa82a1b66aa |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:589b7c2a48ab68b53a32a1609ab9a1cc6b994ef5a21c3ef41bb0b957cdedc84c |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:8b729a2d5e6e77d7ade444322a81f2bdd378a7f43acfb7220a7d52a3768bfc34 |
| registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:0b1771f697a700263c5b827dbde56a5c9bab610e9d7df55ef93885a4e54cc0e9 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:a97ed1ecb6364b4cb90c381a315df9f84294d87edef3d51d7627b3aa55abe9c4 |
arm64
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8dfd4b8f2896d9aa568e52b46e8faec2836f90d14ced4ab5ee9a84526031c25f |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:84f102f730ed7bcdc4200a361a85c3d3cb2a03060b136aede0b2ae579602998d |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6a905d8ad60e8ee6316f28739a5265a5d8042deccb4b5975afae0f0a933bf547 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:d0fa7a7962990b70a3413de5de04682b8f3adcc16c1aea682c8a43425a1432fc |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:9c82aecf70b4e9d20b5800f9dba19756b034fa728b94cb80b4a0df1e77473eca |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:e6f46f508da09058a8a33e0946d8f80f53e711de41b2845ed71b76502bddcc31 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e3300957101fec76e1b7accf60513c0628d89d7b3af0880e5e97c9864cb3817b |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:d4c02e8766453f6413daea3dbaf0f25394cf3a4f61db24702374d60dac42cd4e |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4c29113d21f0dc0fb061cb8f9487edf55388ee45cb7d3bb7b5ca2b8df7be1fc2 |
ppc64le
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:15b37d4f22ecb4d6e784a824aaa9938cd541417766e1925e97943d3445dbb979 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a443905ff3d7749f67312eb6af70dfd1eb89949bbcf1aabba740b9d6509027c5 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:81f3128c0eaddd70caf4042807751cea2df8a5fbbdd932a68391ae76520756e8 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:a046b4012dfd148e0a3d8fef17b6216330982f46f91db01f96b147fac4913639 |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:156e88ae807caa381c80b2971bec53cc6852f2ff64d1ff7187f0b31e07032c13 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:9b2ff5be3c2a95afbd1f37cd41ce9cc308c8bb12a5144f865bdbad01acfe7c36 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c26a2ad875068095757ef28755b115b80d792050e2651b7fed3beff2a622c3 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e2e19523d9709469fd470aa3f41da43a1efb49fd92268a3eb68de1b7871490c0 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:9b7464e2f2c84850dd49c85f562143a349bec16670c386d1d81de2669ab1e387 |
s390x
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:02c9aa791eefa4d66aac4b95dd064c5e405bc603dd722e32fc8188096852b025 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a9b1fb90718087193a489f988ea1c0501bd2bf985ab1e49277d7da384b3656d8 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:309aea0e95d07973ed5ca9195a16a113e4715261a4c3f7562b52a1e7d13b7440 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:cb3bdb6897a28aa5c7c3094f8d76e215b2a0b1e18f5c53c5c096f2388f952c2e |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:352adc4896500529efd4c96b20890986710f353602479548a6add46f2cf9c890 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:566e83648db07ebc34c8b9390f8922a903e69095b205a046ae6e5dcd50921932 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:158a4c2e5db626e1749b0a0dddc29446ea6bdea76b65ee67f067f00c0ffccdc9 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:0f704cdcda6d7055c8190423ef2082d7147e01559462926496e1060469104183 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:04f2619500822d8d1c3c5fbb989d48a7dc602e8f2d6ac7dd4740e46efcab9ca9 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
