Red Hat Product Errata RHSA-2025:15388 - Security Advisory
Issued:
2025-09-04
Updated:
2025-09-04

RHSA-2025:15388 - Security Advisory

Synopsis

Red Hat OpenShift GitOps security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift GitOps v1.16.3 release

Description

An update is now available for Red Hat OpenShift GitOps.

Security Fix(es): * openshift-gitops-1/argocd-rhel8: Project API Token Exposes Repository Credentials [gitops-1.16](CVE-2025-55190) * openshift-gitops-1/argocd-rhel9: Project API Token Exposes Repository Credentials [gitops-1.16](CVE-2025-55190) * openshift-gitops-1/gitops-operator-bundle: Project API Token Exposes Repository Credentials [gitops-1.16](CVE-2025-55190) * openshift-gitops-1/gitops-rhel8-operator: Project API Token Exposes Repository Credentials [gitops-1.16](CVE-2025-55190)

Bug Fix(es): * ose-kube-rbac-proxy in OpenShift GitOps pulling from outdated v4.13 stream * Update must gather base image * Update Argo CD to latest 2.14.z

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

amd64

registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:48eee951cbabfec9d37ba7b04b241670f745cbc20eb565288c7171a34780223b
registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3f7a2401b6f4da215e3b0d352019c41ba4c31f5040b3ec26665afa4c98376054
registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:38c944cfe3fedad8ba6e990434fb1fb022c95c30b2b28463ccbd6cb1b0f61fc2
registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:49fe9c4b12f6129de8ec99925c0a1a38ee3a8012e194184bff7dbb9bca646168
registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:55de007dd40b3d5e3371e69721ae75e4456733bda005c226581af947ddcdb788
registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:baddfca57c757a026a2525f09a7703a28428dc6a7fedf9d2bcfb4c5626b243d3
registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a6de2725ed8aa347e319d6db9e0f65f3cc85891410be966f587442fd468f4d02
registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:40996793e427b0aa84160a97c1d9082c68ed8533ac14f15030ec40fda4bfa80d
registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:8441322a0fce02df407573675b5b5d92d56de97c8aec72541b33d2dadc4050d5
registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:5a556966e020f5b7832a9620bfebd7b68b8183eda133ecd5768c123a880c3117

arm64

registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2771ea6380ba369a8e75496d74e68cbcd5d348b20795c472476607a4f4f63235
registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:e10c83269c2f5926b92b8a89a27b7a78aa058fa05bafab3a7ee2b33b2e7fdac3
registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:a2816b9319ee4d63bade79526b6b5e854060100566a0e185b97ec22409e614ab
registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:ded65e6e08ab3212abb5ff0d71c037e3618c489be8eabb9f80d8a66843127121
registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:4eab46b8986a801d51b9b73b2c34cecb9993abe6244be71ad58a545eaf8f291c
registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:68992fbff93c43684499104dd11c032bb617bad462f153899de3942aff4d8fa0
registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:388a74f4ebe2f43a16ca90ad4c1ae44bf91b7a41fed92d9f364a3f63877262c6
registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:677b024505587954b9fec113bafdd9b1fa5652166c24ee9bc5740854ef0564dd
registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:0c45e0c60e271c72f868f7a02dde9b7401532d07dfb177d87758c333a1cb67e9

ppc64le

registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:02e37856d6ab99b57f2e4194eee49b03c83a8bfcbac14ea6ae109e24ad17588b
registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:57454ab07da46d3c720a410fe4c29dba97a18890dcc34270369b86bbf9631076
registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:2340d128769dc7bff69802b987bb42167dc745705b1b82ca24c3bf4320034d97
registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:dfeb1c7f71ac3860b5d1e64ff6fbe0c395138c79852a0c2c21107e73ed1b0367
registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f82e2de614ea1842012f0a6faebeb6d43dbcc9058298f0dc077da7c6ff3334f3
registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:0085aca8b9f709937b9962673e1d712eb2180c0c482155cfab4c85fcd14e66bf
registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d6f90b4526afe4ffee20ff6b70caa2beb3f100771a2fb20598b844bfba3716b6
registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:9b7b062ea6abd5c95ff00f7cb5ff1e1fd51b459601eed7118a1d95fc79337629
registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:2da231f6c551b0d43595caa2ea37f9e9cb52c04efaff58d74e3e51de2db09ede

s390x

registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f6a913fec5f96fbe64ba8e598240fa916f94a6fa519e0cbe1aa6844fc487bee0
registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:8f55c12424af5750a1d468c9ac9d7a60afcbeb1ed8a4e378de27b3407d630a85
registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:cbf2bb606414cc943413cb539d335e78d154fd30e4db457130dc38a28fb1c3b9
registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:97ad3e6b07cf63d55e3b847c5a2e4082d4ae2aefa7624bf040ddc89f72e55cba
registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:c22c5d493fd5055e8769d9dd69ac2b460ac1461eee060ddb3d938a8d0ce70904
registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:e2b19485c86eed4cacd8117154e85742b34bedd9daaf864245ece471e7b09dcf
registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:097b41a941b869c782b400091be27f0de8f7a05ea8f35b523e6426fe88799b10
registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:7e3c793fe99b7f83f630e65bed529d83e3243d3da1d19ab8452de444c22c9c74
registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:7b2fa7b4dbc64fa937d525ed708ae23447fc84b9e7a70966b4d19e5a7c3a4e78

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.