Red Hat Security Advisory 2023-1452-01 - An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Moderate.
a1e519d32f363444beeef19b195aa9e03b76903f71ac68139e3b5114c4323ee2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift GitOps security update
Advisory ID: RHSA-2023:1452-01
Product: Red Hat OpenShift GitOps
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1452
Issue date: 2023-03-23
CVE Names: CVE-2022-41354
=====================================================================
1. Summary:
An update is now available for Red Hat OpenShift GitOps 1.8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Security Fix(es):
* ArgoCD: Authenticated but unauthorized users may enumerate Application
names via the API (CVE-2022-41354)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API
5. References:
https://access.redhat.com/security/cve/CVE-2022-41354
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZBzBVtzjgjWX9erEAQi6RQ/+JfxD64NTPljBopSNQSuDFtEBIiohZguZ
2ydP/fVMGMksww/EPIhyh4gczYdq73hk2+V6P2RaCN87DxfBRpvLLc4x+GqS0bRn
ZkgaSe0UArP7fiPQu4krszGlFjEwm/bSXBDFcWA1anb8lEvQ+/dUiR/kjWsHjLXZ
6yU/0OEot4DGuLPvq7Kkj4sZ37/gNAjNIE9Sh46lnDWTD7nxZ1Si1UAJ2uNjfj52
gUUk5UxQRgg/5wuXucBSeU+IwK+Qh16mUAtAmJLn2eoIsM3kMisq3UL97oszrU32
J62w6Fu3mxJ1Axfz6hv5V/80W27Lqtkn60DH+UwpB9pvrraEVKWxQd+fM5NhjBnS
xgERYbDvh3SVMFHphkldFCYu6yOwkCS3uSrrpe/7wVRPmC9V8v0oMAZ9wlhczQs7
3t/4dfLfLgmWlApdJBEApwXnLWRPTKTverJwHtaHp1hnXO17Olm6XdaxhAwHiXF0
kXCFWXl3Sq/bb4Zyp6cbAEYdlWAiOA5qw0Hg89iciXXQ7v9eTSRXvH7ddNGFwlnW
fl7RrM/Dn6zLGsOnz70kZc8QZCy+YyrT+4j3CIiOHity0dlDn+pvTJgtXvgS2LoZ
zkuvktkhnePFgosSeMRLjPV36NjLD8E2vOuZqec3uooRzQ2afdFDHV6Ewreu2dyk
PLaxEL0Z8sE=
=vMuw
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed