csaf_redhat - rhsa-2023:1454

rhsa-2023:1454

Vulnerability from csaf_redhat

Published

2023-03-23 19:11

Modified

2024-11-22 22:23

Summary

Red Hat Security Advisory: Red Hat OpenShift GitOps security update

Notes

Topic

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Security Fix(es): * ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift GitOps 1.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1454",
        "url": "https://access.redhat.com/errata/RHSA-2023:1454"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2167820",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1454.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update",
    "tracking": {
      "current_release_date": "2024-11-22T22:23:43+00:00",
      "generator": {
        "date": "2024-11-22T22:23:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:1454",
      "initial_release_date": "2023-03-23T19:11:10+00:00",
      "revision_history": [
        {
          "date": "2023-03-23T19:11:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-23T19:11:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T22:23:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift GitOps 1.7",
                "product": {
                  "name": "Red Hat OpenShift GitOps 1.7",
                  "product_id": "8Base-GitOps-1.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift GitOps"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
                  "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.7.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.7.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.7.3-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.7.3-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64 as a component of Red Hat OpenShift GitOps 1.7",
          "product_id": "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41354",
      "discovery_date": "2023-02-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
            "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2167820"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
        ],
        "known_not_affected": [
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:95e331ef0ea455a93fd448319d639cbce39dccbe38eb7ccf9def9b2bba0e7c99_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:9f5e8ccea8fe89d003abe3e7884efb05521bff8abe55d69ca45477060f29995e_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/console-plugin-rhel8@sha256:e4aca4f654d1239bb101bbf1ba5b9e1f52721843c075430e9893c38112a25c4a_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:2c18b70417c2e53bfb893686b9c2a4c1eec3b5f38db9c9cf0749e0535edad080_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:739fa286d530b9a1d01b9a62fabe4d8d36c0eff7069af126e011c8e83f33020f_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/dex-rhel8@sha256:ddaea14fc0b9f21524359fcd00c0e682721ce40c33b31a8ef3c1553aef295134_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-operator-bundle@sha256:b4a5bccf0a2d03ee1164e67e508a23fb26ac3f39433514d83807b1a4e5d32219_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:3569e06d18396f89aeb55c84e93af06183358d18867d8e6d238dfa168e498920_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:a7e5bce60edf1309c5aa142c53f67594803bb4f4734b984824e9bcfe9b826baa_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8-operator@sha256:b0cc1ff4ace50d2e8cf408f4daa7922c85a6a052a9034e68546beb7391967fce_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:76830d53754637826b20840adc3183c4edc9387d669e8035fc39966c79e961c5_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:c2135416f1fd7ee7e9f3603f9e5d4401b6f7ba5d5d3f1b0208016d38888ffdd3_amd64",
          "8Base-GitOps-1.7:openshift-gitops-1/gitops-rhel8@sha256:f7df393bc26c4e77ffc24aba3c428e507d88d8bfee3de46f3cc8854d75270341_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:4cb28da91b432eef9bc8bd649c48fac70a56b4ccef0a2b8f9a7dc6d8c8e70ee2_ppc64le",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:d7575bf9fc7b563022bd31c469850838e686306c1fd9f8975a1d975d76b30779_s390x",
          "8Base-GitOps-1.7:openshift-gitops-1/kam-delivery-rhel8@sha256:e99b94f31fe1bbaf56764acdf4428cec3cf48a144519e5a3e141c923902d201f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41354"
        },
        {
          "category": "external",
          "summary": "RHBZ#2167820",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167820"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41354"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
        },
        {
          "category": "external",
          "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq",
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
        }
      ],
      "release_date": "2023-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-23T19:11:10+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1454"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:60f0991fb9cdce298e39a9daa29b353d34b83dd70200a70e21c66bf0e140d94b_ppc64le",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:830d3e65e506947d6558c61b34205b636fdc15d19b460c18170f441a8ac326e4_s390x",
            "8Base-GitOps-1.7:openshift-gitops-1/argocd-rhel8@sha256:aa77a8f11bf0b4358ba0b71cfc149235987c2e669e13e7fa0297216b78909600_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API"
    }
  ]
}

cve-2022-41354

Vulnerability from cvelistv5

Published

2023-03-27 00:00

Modified

2025-02-19 18:46

Severity ?

Summary

An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.

References

▼	URL	Tags
	http://argo.com
	https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md
	https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:42:45.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://argo.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T18:46:13.512199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T18:46:38.230Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://argo.com"
        },
        {
          "url": "https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"
        },
        {
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41354",
    "datePublished": "2023-03-27T00:00:00.000Z",
    "dateReserved": "2022-09-26T00:00:00.000Z",
    "dateUpdated": "2025-02-19T18:46:38.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted