- Issued:
- 2025-09-04
- Updated:
- 2025-09-04
RHSA-2025:15389 - Security Advisory
Synopsis
Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift GitOps v1.17.1 release
Description
An update is now available for Red Hat OpenShift GitOps.
Security Fix(es): * openshift-gitops-1/argocd-rhel8: Project API Token Exposes Repository Credentials [gitops-1.17](CVE-2025-55190) * openshift-gitops-1/argocd-rhel9: Project API Token Exposes Repository Credentials [gitops-1.17](CVE-2025-55190) * openshift-gitops-1/gitops-operator-bundle: Project API Token Exposes Repository Credentials [gitops-1.17](CVE-2025-55190) * openshift-gitops-1/gitops-rhel8-operator: Project API Token Exposes Repository Credentials [gitops-1.17](CVE-2025-55190)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
CVEs
amd64
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f218700bb266c8a829f48204a6d1584dda3868d019f1dbb7f9253b431e668ce7 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:659989e3c3a700d90bc4968479a79d2d5b944f93d4634d26e50b0757bf60f4a4 |
| registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1e510dee84868440bbf94acfbc8ebef079850dfee7d3d64847d84ad8cbdd6820 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:74ef02fc93c60da101e8321875dc119ad6c20b0292567c0e6fc3d34da7f26052 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8472ab716575787f9a36748efbddb3298063b89ae473650a115b3fd5defcd627 |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:60dd47c4dfef74013b934c979e33b67cc2ed8d50283cecec18af6d6c58017290 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:06d7f6c5f55bb65aebd82dd55a663a90256beea5faf2d39ec7c8fd1cbade8b14 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:8bd1ec1c6ee6a322441a37c5542afa3cb691802d6850ecf40b31ebb19449295a |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e352456d961b55b1ffd4d4b1ba89cb9a10a7df989dc3f6b2d552a44befe8bf42 |
| registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:be93be0341649215fb001725aac0c3c5925343adbf1ad00c979b8c3d489512d6 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:9723c83b3412d35ef8bea2003dc1887e519cef0dec62feec1a9f67b990365cf7 |
arm64
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:16f8df6104924d51c7a1bc9a0d2da85d9269fb054841b8ba052288e0019bd510 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:cb0f6886d2a36cd5c21f921fe5900892128d7c4509d9fbe8a15ecd55a1791d10 |
| registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:6f81c0b2385f832827d757e9b6bdcbe0de74dfb63389f56f381963e2b8f1ff7d |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6c5021add875953fc688a860f65535d000992f839b8b109ce34d27433ce798c2 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:b56c1032c450f3f5272308cb115bbe290cc224c9622b221eba62d20e0b8dc98b |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:a28ded354d264c65c51e2545144f54f660bc49e2ecdd23a295fcfb6642f8c669 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:fd3a6485c01b3aea55869dc2b63f5053841103b8f0a8592682841dac7de6ad25 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:9173bc6f6aeb1298f0bb70aa8a75a884418ab09b2fb76970eff94593e9ca3c6d |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:904b7977aa903ffe6d73aef3d41cddd20fc4724df4721b93b8b81c21f78112f5 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:0dc0c4fc91bcb5dc1116e41cc5605463cc04d73b94e15590d86053913ecaf9ae |
ppc64le
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5fca7fe841b546d8e742a7cf195384d3d7c51a922b057f2efc682f1baefde54e |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:5da24ec5be58eb3d25dc98d5233aa1559571c27517f3d3581c224240b615e23c |
| registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8ae514609cb508933712956a51933924db8c2a34cf6455349c1dccba33133998 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:92f763ecb368a5342f21da6116cf530326dc2978abc072ded1fcad2a671f72ce |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:e5be04cefb75380187abcecba07da250905c58abc7aab04466756e9d0311fe60 |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:d9ec58dff72830d32049913500aa787aae7c48060a489f063a6ae3fe8036179f |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:9ec054001802a264e259617c0e40a1edba4466c0686269df3a5c39e6e1488689 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:bf1ca2214bdf41c0bf1b71e2c4fb2f31b7c7ff658218adc06fe85d3281dbd797 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:6120e3cfee5b7448a186b4aef7c301c629581a154bbc6ae3026f7aeaf8d73d7a |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:861aca0dcf37cb27a329b909e7a088727d172436ae9372558ffe2ca88fa61e89 |
s390x
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:50cd5f4614d1f7a190194ed99df060fa42ed2d54748fd452e87fd5c0b230c984 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a4d5c65a0d2416322a3ff759b450b366a3ce6aa14c908ee7fa0f1d810915976b |
| registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:71f9b4a0e11183b04696e7eedbdc49ae45e4bb877f3fe234f2253a77864ebb32 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:7b94978d3db36198ed06bff7f3bda44aa4bb89a437dbc74531506d8a5999c501 |
| registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:1d33bb8bf6fe48db2a4dd82c3726a5ace22e292a8b2f1e3514fe33599d44d963 |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:0fd6ce864344cd82ff022837149bae9d3d5983b6cd20c254a0523a85e15cd842 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3c503105743a6a4b785be42aa9d7026b086c61bccc52dad3cf2d0b4952ece73b |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:37fafa09adb07e146cce973831bc9c53a99d88e608b47a44bfa146722aceeeab |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:12722a8a7feacff1852d8c309256522bd217f5c34c78871b5debbaa5e576eed9 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3b0aa2245e52e0194ba6723991164168ec41e228851992e6a8a8256d4cda55cc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
