Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-41354
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2025-02-19 18:46
Severity ?
EPSS score ?
Summary
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:45.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://argo.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T18:46:13.512199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T18:46:38.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://argo.com"
},
{
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41354",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-02-19T18:46:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-41354\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-03-27T14:15:07.557\",\"lastModified\":\"2024-11-21T07:23:06.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.5.0\",\"versionEndExcluding\":\"2.4.28\",\"matchCriteriaId\":\"21D5448A-EB02-4357-9723-20F8EF1962E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.16\",\"matchCriteriaId\":\"9A532628-AB91-4EC1-9FCB-9172F5CECC0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.7\",\"matchCriteriaId\":\"8B951D1A-7B21-43E5-B715-138F9F4DCA37\"}]}]}],\"references\":[{\"url\":\"http://argo.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://argo.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://argo.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:42:45.688Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41354\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-19T18:46:13.512199Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-19T18:46:20.408Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://argo.com\"}, {\"url\": \"https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md\"}, {\"url\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-03-27T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-41354\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-19T18:46:38.230Z\", \"dateReserved\": \"2022-09-26T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-03-27T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2023:1454
Vulnerability from csaf_redhat
Published
2023-03-23 19:11
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1454",
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1454.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:43+00:00",
"generator": {
"date": "2024-11-22T22:23:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1454",
"initial_release_date": "2023-03-23T19:11:10+00:00",
"revision_history": [
{
"date": "2023-03-23T19:11:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T19:11:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.7",
"product": {
"name": "Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
],
"known_not_affected": [
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T19:11:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
rhsa-2023_1453
Vulnerability from csaf_redhat
Published
2023-03-23 18:46
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1453",
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:53+00:00",
"generator": {
"date": "2024-11-22T22:23:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1453",
"initial_release_date": "2023-03-23T18:46:43+00:00",
"revision_history": [
{
"date": "2023-03-23T18:46:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T18:46:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.6",
"product": {
"name": "Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
],
"known_not_affected": [
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T18:46:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
rhsa-2023_1452
Vulnerability from csaf_redhat
Published
2023-03-23 18:40
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1452",
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1452.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:34+00:00",
"generator": {
"date": "2024-11-22T22:23:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1452",
"initial_release_date": "2023-03-23T18:40:37+00:00",
"revision_history": [
{
"date": "2023-03-23T18:40:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T18:40:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
],
"known_not_affected": [
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T18:40:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
RHSA-2023:1454
Vulnerability from csaf_redhat
Published
2023-03-23 19:11
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1454",
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1454.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:43+00:00",
"generator": {
"date": "2024-11-22T22:23:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1454",
"initial_release_date": "2023-03-23T19:11:10+00:00",
"revision_history": [
{
"date": "2023-03-23T19:11:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T19:11:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.7",
"product": {
"name": "Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
],
"known_not_affected": [
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T19:11:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
RHSA-2023:1452
Vulnerability from csaf_redhat
Published
2023-03-23 18:40
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1452",
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1452.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:34+00:00",
"generator": {
"date": "2024-11-22T22:23:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1452",
"initial_release_date": "2023-03-23T18:40:37+00:00",
"revision_history": [
{
"date": "2023-03-23T18:40:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T18:40:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
],
"known_not_affected": [
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T18:40:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
rhsa-2023:1453
Vulnerability from csaf_redhat
Published
2023-03-23 18:46
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1453",
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:53+00:00",
"generator": {
"date": "2024-11-22T22:23:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1453",
"initial_release_date": "2023-03-23T18:46:43+00:00",
"revision_history": [
{
"date": "2023-03-23T18:46:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T18:46:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.6",
"product": {
"name": "Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
],
"known_not_affected": [
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T18:46:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
rhsa-2023_1454
Vulnerability from csaf_redhat
Published
2023-03-23 19:11
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1454",
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1454.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:43+00:00",
"generator": {
"date": "2024-11-22T22:23:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1454",
"initial_release_date": "2023-03-23T19:11:10+00:00",
"revision_history": [
{
"date": "2023-03-23T19:11:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T19:11:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.7",
"product": {
"name": "Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"relates_to_product_reference": "8Base-GitOps-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64 as a component of Red Hat OpenShift GitOps 1.7",
"product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
"relates_to_product_reference": "8Base-GitOps-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
],
"known_not_affected": [
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
"8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T19:11:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
"8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
RHSA-2023:1453
Vulnerability from csaf_redhat
Published
2023-03-23 18:46
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1453",
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:53+00:00",
"generator": {
"date": "2024-11-22T22:23:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1453",
"initial_release_date": "2023-03-23T18:46:43+00:00",
"revision_history": [
{
"date": "2023-03-23T18:46:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T18:46:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.6",
"product": {
"name": "Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.6.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.6.6-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64 as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le as a component of Red Hat OpenShift GitOps 1.6",
"product_id": "8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
],
"known_not_affected": [
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:74c182734ae54034b314c9b2adc0c3ef74688e3a5ec3c05b8cc0f07ef88460a4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:ad064ab1165f73f00ca1984a4736738a7fbfe9771ceda37043118333a6801e50_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/dex-rhel8@sha256:e4a938f215d754b1de7c974b1b43e5959def4b3224907ab5fd30ca44d0c4f0bc_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-operator-bundle@sha256:b22190de3162d3e03481cae8904ce563912756eea7ac7e7feec0acbbdae5e6f6_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:04a3258fe00fe8ea9e0b48e5911a7c148f6c6dbc0cbb2d5b6d5071d0f27064b2_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:8c7dcf0bc33c767474b7a637a6dd744b0b677011ac9cdc3471c889611e265046_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8-operator@sha256:a807e500c68bc01c05cc7614adf973eb383384b5ba907be9e158fdaf76737fbe_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:3b5b34b740ddb442af9eee77e47c009710c953cdd1c7998d946c115c71250b86_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:77a0917c97f5aa5430693c00653fe066f90de786911e6b2744ed8fc2dec69e81_ppc64le",
"8Base-GitOps-1.6:openshift-gitops-1/gitops-rhel8@sha256:cfd94ed64a41fd2aa9c73d5f125eda68da3c6a920270eb3e2a603fae15caad11_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:46fcd72037b36b4201d9b69c553efa843eeb84ccc276d42ace16c9b3ba16000e_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:99c4f2d3c76af623dcc2f362ce5342d6e3ca5f68985990347192e7757557b7b4_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/kam-delivery-rhel8@sha256:9e2d4d35ed9e9155311c4c0823ca6f471968d3c668f41d4ae6a88772fee949fa_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T18:46:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:1bd43dbaa0b53789699d46e22280ffb314a589caa924b713c55d3ff0f3579cf3_amd64",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:363e64753141b70b05cbe1a212aa4626cd7001e136d2a7a30ce995acefb79918_s390x",
"8Base-GitOps-1.6:openshift-gitops-1/argocd-rhel8@sha256:79c519c218fd5f3ec14b2f9b263553626ca3bc05141463a5deb9814644291044_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
rhsa-2023:1452
Vulnerability from csaf_redhat
Published
2023-03-23 18:40
Modified
2024-11-22 22:23
Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Notes
Topic
An update is now available for Red Hat OpenShift GitOps 1.8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1452",
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1452.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
"tracking": {
"current_release_date": "2024-11-22T22:23:34+00:00",
"generator": {
"date": "2024-11-22T22:23:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1452",
"initial_release_date": "2023-03-23T18:40:37+00:00",
"revision_history": [
{
"date": "2023-03-23T18:40:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T18:40:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T22:23:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.8.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.8.1-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167820"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
],
"known_not_affected": [
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:1ab2110a22912acf77fdf8dbfd801cfffea1bed67715629cfdc03e23c882d318_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:2eabb947c4943a288c1c549ee601c853d138107414142c43be82b007af0bb9ce_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:6af1ef2d889dc40c21a1c277955a50bad53a612cb774b82718e1ffc042dc0bd7_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/console-plugin-rhel8@sha256:fcd81ad2a1751443844553a0900a2dceae7e92843c97cd6aa3305560a976ca67_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:1f467badefe68f76de6da239a2ce7e7933b298d289738df1080d8d0c40a7349b_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:4db889fd9eb4c451d086f5f79f5eb850379f8a3f35c5fe67e47c538bdfbb8b1f_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6346a5027982d911aa5cadc0a2b6d77b76a76a7563fa67e91395e1ba0e554019_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/dex-rhel8@sha256:6bc1a6010682bd80ae100455a934a92f37b13f70afa1038c8d8f10ec39727ee7_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-operator-bundle@sha256:273dcda07cdc475069a1dd41ecb2a91c51b2648f94eff57e9fd7e2e6aff75623_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:50c624fe3202213c4192a430edbebb00a3b00d492d6aee264acd7894a03b8e5d_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:7fb57dec46089f14b40b58a59bb3e007d2631e6afe2b210b8898be04d8d86459_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:86160eb773563bde3f59fef387fe50ede0bb5108f711aa1759bd48f557b72b99_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8-operator@sha256:f79bccbc97918a25339de9637fdba1f3362d6812d89a41c2a60e1d4264dfefca_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:21fdf98c4ba9c28533c02067dab1ef59f109d925650eeeaddec508f34d632b0d_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:b119feb01e5b2a97e9bd36ecca931cefaf154936110744b5b89968fddc2d9fef_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:e317827fc5621773fcd6cb653aca9e09a300999d427ee11f449812a5eb30bd64_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/gitops-rhel8@sha256:eaf99c68a30acc85c02741572210811da7d34b7af728a29bef2b684bcc82a5e4_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3aa62b6fd14d01200a4d92562ad91dee37a555968a451ceefb101df259d95a91_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:3b228ebc41380285e3a91ab57a7a55112092d6d65cf8afb025847055517c719e_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:5b80dc7f0c607134f663ca082df07c159ddacb688c6252dbc2f535bc1e825746_arm64",
"8Base-GitOps-1.8:openshift-gitops-1/kam-delivery-rhel8@sha256:6a5619fee1fd7b916e32c0d263622ad11e35fb8f51d5adff05867337af78112b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41354"
},
{
"category": "external",
"summary": "RHBZ#2167820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
],
"release_date": "2023-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T18:40:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:1adeecbe2a1b13b1ccbaca6de748eebea17612c78ffaa45274dcb564e6997524_s390x",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:aae43c32dc5da71ba9be9efd495ccde25535cdbbe1d78917f48d8fcfed269222_ppc64le",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:eee39439704ffea3376cdd686392dedb4e5ed25280e217167b8b2223286a3f32_amd64",
"8Base-GitOps-1.8:openshift-gitops-1/argocd-rhel8@sha256:f59359e26a0cc57d4e3abe640284c7ba980e72b830f480fa91825c88ecd062e4_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
}
]
}
wid-sec-w-2023-0746
Vulnerability from csaf_certbund
Published
2023-03-23 23:00
Modified
2023-03-23 23:00
Summary
Red Hat OpenShift GitOps: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift GitOps ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift GitOps ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0746 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0746.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0746 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0746"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift GitOps: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-03-23T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:47:16.943+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0746",
"initial_release_date": "2023-03-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-03-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.7",
"product": {
"name": "Red Hat OpenShift GitOps 1.7",
"product_id": "T026035",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.6",
"product": {
"name": "Red Hat OpenShift GitOps 1.6",
"product_id": "T026901",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "T026902",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.8"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift GitOps. In API-Fehlermeldungen k\u00f6nnen unter bestimmten Umst\u00e4nden Anwendungsnamen enthalten sein, die ein unbefugter Nutzer auslesen kann. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T026901",
"T026902",
"T026035"
]
},
"release_date": "2023-03-23T23:00:00.000+00:00",
"title": "CVE-2022-41354"
}
]
}
WID-SEC-W-2023-0746
Vulnerability from csaf_certbund
Published
2023-03-23 23:00
Modified
2023-03-23 23:00
Summary
Red Hat OpenShift GitOps: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift GitOps ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift GitOps ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0746 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0746.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0746 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0746"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1454"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1453"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1452"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift GitOps: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-03-23T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:47:16.943+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0746",
"initial_release_date": "2023-03-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-03-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.7",
"product": {
"name": "Red Hat OpenShift GitOps 1.7",
"product_id": "T026035",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.6",
"product": {
"name": "Red Hat OpenShift GitOps 1.6",
"product_id": "T026901",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "T026902",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.8"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41354",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift GitOps. In API-Fehlermeldungen k\u00f6nnen unter bestimmten Umst\u00e4nden Anwendungsnamen enthalten sein, die ein unbefugter Nutzer auslesen kann. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T026901",
"T026902",
"T026035"
]
},
"release_date": "2023-03-23T23:00:00.000+00:00",
"title": "CVE-2022-41354"
}
]
}
ghsa-2q5c-qw9c-fmvq
Vulnerability from github
Published
2023-03-23 19:49
Modified
2023-03-27 22:11
Severity ?
Summary
Argo CD authenticated but unauthorized users may enumerate Application names via the API
Details
Impact
All versions of Argo CD starting with v0.5.0 are vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages. An attacker could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges (social engineering).
Many Argo CD API endpoints accept an application name as the only parameter. Since Argo CD RBAC requires both the application name and its configured project name (and, if apps-in-any-namespace is enabled, the application's namespace), Argo CD fetches the requested application before performing the RBAC check. If the application does not exist, the API returns a "not found". If the application does exist, and the user does not have access, the API returns an "unauthorized" error. By trial and error, an attacker can infer which applications exist and which do not.
Note that application resources are not fetched for API calls from unauthenticated users. If your Argo CD instance is accessible from the public internet, unauthenticated users will not be able to cause Argo CD to make Kubernetes API calls.
The patch changes API behavior to return "unauthorized" both when the application is missing and when the user is not authorized to access it. This change in API behavior may impact API clients. Check your code to make sure it will handle the new API behavior properly.
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
- v2.6.7
- v2.5.16
- v2.4.28
Workarounds
There are no workarounds besides upgrading.
Credits
Thank you to bean.zhang of HIT-IDS ChunkL Team who discovered the issue and reported it confidentially according to our guidelines.
For more information
- Open an issue in the Argo CD issue tracker or discussions
- Join us on Slack in channel #argo-cd
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd"
},
"ranges": [
{
"events": [
{
"introduced": "0.5.0"
},
{
"last_affected": "1.8.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41354"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-23T19:49:11Z",
"nvd_published_at": "2023-03-27T14:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nAll versions of Argo CD starting with v0.5.0 are vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages. An attacker could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges (social engineering).\n\nMany Argo CD API endpoints accept an application name as the only parameter. Since Argo CD RBAC requires both the application name and its configured project name (and, if apps-in-any-namespace is enabled, the application\u0027s namespace), Argo CD fetches the requested application before performing the RBAC check. If the application does not exist, the API returns a \"not found\". If the application does exist, and the user does not have access, the API returns an \"unauthorized\" error. By trial and error, an attacker can infer which applications exist and which do not.\n\nNote that application resources are not fetched for API calls from _unauthenticated_ users. If your Argo CD instance is accessible from the public internet, unauthenticated users will not be able to cause Argo CD to make Kubernetes API calls.\n\nThe patch changes API behavior to return \"unauthorized\" both when the application is missing and when the user is not authorized to access it. **This change in API behavior may impact API clients.** Check your code to make sure it will handle the new API behavior properly.\n\n### Patches\n\nA patch for this vulnerability has been released in the following Argo CD versions:\n\n* v2.6.7\n* v2.5.16\n* v2.4.28\n\n### Workarounds\n\nThere are no workarounds besides upgrading.\n\n### Credits\n\nThank you to bean.zhang of HIT-IDS ChunkL Team who discovered the issue and reported it confidentially according to our [guidelines](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#reporting-a-vulnerability).\n\n### For more information\n\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd\n",
"id": "GHSA-2q5c-qw9c-fmvq",
"modified": "2023-03-27T22:11:08Z",
"published": "2023-03-23T19:49:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/commit/3a28c8a18cc2aa84fe81492625545d25c7a90bc3"
},
{
"type": "PACKAGE",
"url": "https://github.com/argoproj/argo-cd"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.28"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/releases/tag/v2.5.16"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/releases/tag/v2.6.7"
},
{
"type": "WEB",
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
},
{
"type": "WEB",
"url": "http://argo.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Argo CD authenticated but unauthorized users may enumerate Application names via the API"
}
fkie_cve-2022-41354
Vulnerability from fkie_nvd
Published
2023-03-27 14:15
Modified
2024-11-21 07:23
Severity ?
Summary
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | argo-cd | * | |
| linuxfoundation | argo-cd | * | |
| linuxfoundation | argo-cd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D5448A-EB02-4357-9723-20F8EF1962E9",
"versionEndExcluding": "2.4.28",
"versionStartIncluding": "0.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A532628-AB91-4EC1-9FCB-9172F5CECC0E",
"versionEndExcluding": "2.5.16",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B951D1A-7B21-43E5-B715-138F9F4DCA37",
"versionEndExcluding": "2.6.7",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications."
}
],
"id": "CVE-2022-41354",
"lastModified": "2024-11-21T07:23:06.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-27T14:15:07.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://argo.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://argo.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2022-41354
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-41354",
"id": "GSD-2022-41354"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-41354"
],
"details": "An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.",
"id": "GSD-2022-41354",
"modified": "2023-12-13T01:19:32.604368Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-41354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://argo.com",
"refsource": "MISC",
"url": "http://argo.com"
},
{
"name": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md",
"refsource": "MISC",
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
},
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"refsource": "MISC",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=v0.5.0 \u003c=v1.8.7",
"affected_versions": "All versions starting from 0.5.0 up to 1.8.7",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2023-03-23",
"description": "### Impact\n\nAll versions of Argo CD starting with v0.5.0 is vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages. An attacker could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges (social engineering).\n\nMany Argo CD API endpoints accept an application name as the only parameter. Since Argo CD RBAC requires both the application name and its configured project name (and, if apps-in-any-namespace is enabled, the application\u0027s namespace), Argo CD fetches the requested application before performing the RBAC check. If the application does not exist, the API returns a \"not found\". If the application does exist, and the user does not have access, the API returns an \"unauthorized\" error. By trial and error, an attacker can infer which applications exist and which do not.\n\nNote that application resources are not fetched for API calls from _unauthenticated_ users. If your Argo CD instance is accessible from the public internet, unauthenticated users will not be able to cause Argo CD to make Kubernetes API calls.\n\nThe patch changes API behavior to return \"unauthorized\" both when the application is missing and when the user is not authorized to access it. **This change in API behavior may impact API clients.** Check your code to make sure it will handle the new API behavior properly.\n\n### Patches\n\nA patch for this vulnerability has been released in the following Argo CD versions:\n\n* v2.6.7\n* v2.5.16\n* v2.4.28\n\n### Workarounds\n\nThere are no workarounds besides upgrading.\n\n### Credits\n\nThank you to bean.zhang of HIT-IDS ChunkL Team who discovered the issue and reported it confidentially according to our [guidelines](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#reporting-a-vulnerability).\n\n### For more information\n\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd\n",
"fixed_versions": [],
"identifier": "CVE-2022-41354",
"identifiers": [
"GHSA-2q5c-qw9c-fmvq",
"CVE-2022-41354"
],
"not_impacted": "",
"package_slug": "go/github.com/argoproj/argo-cd",
"pubdate": "2023-03-23",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Argo CD authenticated but unauthorized users may enumerate Application names via the API",
"urls": [
"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"https://github.com/argoproj/argo-cd/commit/3a28c8a18cc2aa84fe81492625545d25c7a90bc3",
"https://github.com/argoproj/argo-cd/releases/tag/v2.4.28",
"https://github.com/argoproj/argo-cd/releases/tag/v2.5.16",
"https://github.com/argoproj/argo-cd/releases/tag/v2.6.7",
"https://github.com/advisories/GHSA-2q5c-qw9c-fmvq"
],
"uuid": "0c346401-3cc1-46a7-b6b4-7646ed781099",
"versions": [
{
"commit": {
"sha": "df0e2e4015c4cff4e16c8743df9d62f5ca1bdc24",
"tags": [
"v0.5.0"
],
"timestamp": "20180612175411"
},
"number": "v0.5.0"
},
{
"commit": {
"sha": "eb3d1fb84b9b77cdffd70b14c4f949f1c64a9416",
"tags": [
"v1.8.7"
],
"timestamp": "20210303070237"
},
"number": "v1.8.7"
}
]
},
{
"affected_range": "\u003c2.4.28||\u003e=2.5.0 \u003c2.5.16||\u003e=2.6.0 \u003c2.6.7",
"affected_versions": "All versions before 2.4.28, all versions starting from 2.5.0 before 2.5.16, all versions starting from 2.6.0 before 2.6.7",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2023-03-23",
"description": "### Impact\n\nAll versions of Argo CD starting with v0.5.0 is vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages. An attacker could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges (social engineering).\n\nMany Argo CD API endpoints accept an application name as the only parameter. Since Argo CD RBAC requires both the application name and its configured project name (and, if apps-in-any-namespace is enabled, the application\u0027s namespace), Argo CD fetches the requested application before performing the RBAC check. If the application does not exist, the API returns a \"not found\". If the application does exist, and the user does not have access, the API returns an \"unauthorized\" error. By trial and error, an attacker can infer which applications exist and which do not.\n\nNote that application resources are not fetched for API calls from _unauthenticated_ users. If your Argo CD instance is accessible from the public internet, unauthenticated users will not be able to cause Argo CD to make Kubernetes API calls.\n\nThe patch changes API behavior to return \"unauthorized\" both when the application is missing and when the user is not authorized to access it. **This change in API behavior may impact API clients.** Check your code to make sure it will handle the new API behavior properly.\n\n### Patches\n\nA patch for this vulnerability has been released in the following Argo CD versions:\n\n* v2.6.7\n* v2.5.16\n* v2.4.28\n\n### Workarounds\n\nThere are no workarounds besides upgrading.\n\n### Credits\n\nThank you to bean.zhang of HIT-IDS ChunkL Team who discovered the issue and reported it confidentially according to our [guidelines](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#reporting-a-vulnerability).\n\n### For more information\n\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd\n",
"fixed_versions": [
"2.5.16",
"2.6.7",
"2.4.28"
],
"identifier": "CVE-2022-41354",
"identifiers": [
"GHSA-2q5c-qw9c-fmvq",
"CVE-2022-41354"
],
"not_impacted": "All versions starting from 2.4.28 before 2.5.0, all versions starting from 2.5.16 before 2.6.0, all versions starting from 2.6.7",
"package_slug": "go/github.com/argoproj/argo-cd/v2",
"pubdate": "2023-03-23",
"solution": "Upgrade to versions 2.5.16, 2.6.7, 2.4.28 or above.",
"title": "Argo CD authenticated but unauthorized users may enumerate Application names via the API",
"urls": [
"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"https://github.com/argoproj/argo-cd/commit/3a28c8a18cc2aa84fe81492625545d25c7a90bc3",
"https://github.com/argoproj/argo-cd/releases/tag/v2.4.28",
"https://github.com/argoproj/argo-cd/releases/tag/v2.5.16",
"https://github.com/argoproj/argo-cd/releases/tag/v2.6.7",
"https://github.com/advisories/GHSA-2q5c-qw9c-fmvq"
],
"uuid": "17692847-29b4-4e17-9256-36bf73b47a6d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.28",
"versionStartIncluding": "0.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.16",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-41354"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://argo.com",
"refsource": "MISC",
"tags": [
"Product"
],
"url": "http://argo.com"
},
{
"name": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
},
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-04-03T17:02Z",
"publishedDate": "2023-03-27T14:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.