- Issued:
- 2025-05-28
- Updated:
- 2025-05-28
RHSA-2025:8277 - Security Advisory
Synopsis
Important: Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update
Type/Severity
Security Advisory: Important
Topic
Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update.
Description
Errata Advisory for Red Hat OpenShift GitOps 1.15.3 security release.
Security Fix(es):
- openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)
- openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)
- openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift GitOps 1.15 for RHEL 9 x86_64
- Red Hat OpenShift GitOps 1.15 for RHEL 8 x86_64
- Red Hat OpenShift GitOps for IBM Power, little endian 1.15 for RHEL 8 ppc64le
- Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.15 for RHEL 8 s390x
- Red Hat OpenShift GitOps for ARM 64 1.15 for RHEL 9 aarch64
- Red Hat OpenShift GitOps for ARM 64 1.15 for RHEL 8 aarch64
Fixes
- GITOPS-5977 - openshift-gitops-controller-manager pod logs shoot up enabling keycloak
CVEs
aarch64
| openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986 |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8 |
| openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194 |
| openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8 |
| openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788 |
| openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8 |
| openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a |
| openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9 |
| openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922 |
ppc64le
| openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78 |
| openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77 |
| openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe |
| openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1 |
| openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139 |
| openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604 |
| openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc |
s390x
| openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193 |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace |
| openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d |
| openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f |
| openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c |
| openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc |
| openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2 |
| openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d |
x86_64
| openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565 |
| openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371 |
| openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4 |
| openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31 |
| openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281 |
| openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3 |
| openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96 |
| openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d |
| openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
