- Issued:
- 2025-05-28
- Updated:
- 2025-05-28
RHSA-2025:8278 - Security Advisory
Synopsis
Important: Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security update
Type/Severity
Security Advisory: Important
Topic
Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security update.
Description
Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security release.
Security Fix(es):
- openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)
- openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift GitOps 1.16 for RHEL 9 x86_64
- Red Hat OpenShift GitOps 1.16 for RHEL 8 x86_64
- Red Hat OpenShift GitOps for IBM Power, little endian 1.16 for RHEL 9 ppc64le
- Red Hat OpenShift GitOps for IBM Power, little endian 1.16 for RHEL 8 ppc64le
- Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.16 for RHEL 9 s390x
- Red Hat OpenShift GitOps for IBM Z and LinuxONE 1.16 for RHEL 8 s390x
- Red Hat OpenShift GitOps for ARM 64 1.16 for RHEL 9 aarch64
- Red Hat OpenShift GitOps for ARM 64 1.16 for RHEL 8 aarch64
Fixes
- GITOPS-6721 - rhel9/redis-7 image in GitOps 1.16.0 flagged for CVE-2020-11023
- GITOPS-6759 - [cherry-pick]- Redis HA Server StatefulSet SecurityContext Not Updated During Upgrade
CVEs
aarch64
| openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299 |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f |
| openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6 |
| openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92 |
| openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf |
| openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9 |
| openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468 |
| openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f |
| openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab |
ppc64le
| openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061 |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b |
| openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023 |
| openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac |
| openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726 |
| openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c |
| openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a |
| openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0 |
s390x
| openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf |
| openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252 |
| openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae |
| openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813 |
| openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b |
| openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0 |
| openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222 |
x86_64
| openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69 |
| openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218 |
| openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5 |
| openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317 |
| openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483 |
| openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84 |
| openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02 |
| openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc |
| openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde |
| openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
