Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47933 (GCVE-0-2025-47933)
Vulnerability from cvelistv5 – Published: 2025-05-29 19:30 – Updated: 2025-05-30 12:35
VLAI?
EPSS
Title
Argo CD allows cross-site scripting on repositories page
Summary
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.
Severity ?
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T12:34:55.697431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T12:35:04.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "argo-cd",
"vendor": "argoproj",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0-rc1, \u003c= 1.8.7"
},
{
"status": "affected",
"version": "\u003e= 2.0.0-rc3, \u003c 2.13.8"
},
{
"status": "affected",
"version": "\u003e= 2.14.0-rc1, \u003c 2.14.13"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-rc1, \u003c 3.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T19:30:39.108Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1"
}
],
"source": {
"advisory": "GHSA-2hj5-g64g-fp6p",
"discovery": "UNKNOWN"
},
"title": "Argo CD allows cross-site scripting on repositories page"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47933",
"datePublished": "2025-05-29T19:30:39.108Z",
"dateReserved": "2025-05-14T10:32:43.529Z",
"dateUpdated": "2025-05-30T12:35:04.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47933\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-29T20:15:27.473\",\"lastModified\":\"2025-08-27T02:28:01.647\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.\"},{\"lang\":\"es\",\"value\":\"Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. En versiones anteriores a las 2.13.8, 2.14.13 y 3.0.4, un atacante pod\u00eda realizar acciones arbitrarias en nombre de la v\u00edctima a trav\u00e9s de la API. Debido al filtrado incorrecto de los protocolos de URL en la p\u00e1gina del repositorio, un atacante puede realizar ataques de cross-site scripting con permiso para editar el repositorio. Este problema se ha corregido en las versiones 2.13.8, 2.14.13 y 3.0.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.1\",\"versionEndExcluding\":\"2.13.8\",\"matchCriteriaId\":\"FEB6AB4D-CAF5-43BF-9362-35FA59D22980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.14.0\",\"versionEndExcluding\":\"2.14.13\",\"matchCriteriaId\":\"D8AA903B-D9F7-4678-B437-2210CE881CD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.4\",\"matchCriteriaId\":\"E53FAABC-D715-451D-ABAE-F04B19AA99CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:1.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA998D51-81E0-475F-8ABE-1CB42F848B8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:1.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"47306D25-C476-4E30-BEA7-0151CF31F5D7\"}]}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47933\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T12:34:55.697431Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T12:35:00.369Z\"}}], \"cna\": {\"title\": \"Argo CD allows cross-site scripting on repositories page\", \"source\": {\"advisory\": \"GHSA-2hj5-g64g-fp6p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"argoproj\", \"product\": \"argo-cd\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.2.0-rc1, \u003c= 1.8.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.0.0-rc3, \u003c 2.13.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.14.0-rc1, \u003c 2.14.13\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0-rc1, \u003c 3.0.4\"}]}], \"references\": [{\"url\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p\", \"name\": \"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1\", \"name\": \"https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-29T19:30:39.108Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47933\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T12:35:04.233Z\", \"dateReserved\": \"2025-05-14T10:32:43.529Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-05-29T19:30:39.108Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-2HJ5-G64G-FP6P
Vulnerability from github – Published: 2025-05-28 17:36 – Updated: 2025-05-29 21:59
VLAI?
Summary
Argo CD allows cross-site scripting on repositories page
Details
Impact
This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository.
In ui/src/app/shared/components/urls.ts, the following code exists to parse the repository URL.
https://github.com/argoproj/argo-cd/blob/0ae5882d5ae9fe88efc51f65ca8543fb8c3a0aa1/ui/src/app/shared/components/urls.ts#L14-L26
Since this code doesn't validate the protocol of repository URLs, it's possible to inject javascript: URLs here.
https://github.com/argoproj/argo-cd/blob/0ae5882d5ae9fe88efc51f65ca8543fb8c3a0aa1/ui/src/app/shared/components/repo.tsx#L5-L7
As the return value of this function is used in the href attribute of the a tag, it's possible to achieve cross-site scripting by using javascript: URLs.
Browsers may return the proper hostname for javascript: URLs, allowing exploitation of this vulnerability.
Patches
A patch for this vulnerability has been released in the following Argo CD versions: - v3.0.4 - v2.14.13 - v2.13.8
The patch incorporates a way to validate the URL being passed in. Returning null if the validation fails.
Workarounds
There are no workarounds other than depending on the browser to filter the URL.
Credits
Disclosed by @Ry0taK RyotaK.
For more information
Open an issue in the Argo CD issue tracker or discussions Join us on Slack in channel #argo-cd
Severity ?
9.0 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0-rc1"
},
{
"last_affected": "1.8.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-rc3"
},
{
"fixed": "2.13.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.14.0-rc1"
},
{
"fixed": "2.14.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47933"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-28T17:36:32Z",
"nvd_published_at": "2025-05-29T20:15:27Z",
"severity": "CRITICAL"
},
"details": "### Impact\nThis vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository.\n\nIn `ui/src/app/shared/components/urls.ts`, the following code exists to parse the repository URL.\n\nhttps://github.com/argoproj/argo-cd/blob/0ae5882d5ae9fe88efc51f65ca8543fb8c3a0aa1/ui/src/app/shared/components/urls.ts#L14-L26\n\nSince this code doesn\u0027t validate the protocol of repository URLs, it\u0027s possible to inject `javascript:` URLs here.\n\nhttps://github.com/argoproj/argo-cd/blob/0ae5882d5ae9fe88efc51f65ca8543fb8c3a0aa1/ui/src/app/shared/components/repo.tsx#L5-L7\n\nAs the return value of this function is used in the `href` attribute of the `a` tag, it\u0027s possible to achieve cross-site scripting by using `javascript:` URLs.\n\nBrowsers may return the proper hostname for `javascript:` URLs, allowing exploitation of this vulnerability.\n\n### Patches\nA patch for this vulnerability has been released in the following Argo CD versions:\n- v3.0.4\n- v2.14.13\n- v2.13.8\n\n\nThe patch incorporates a way to validate the URL being passed in. Returning `null` if the validation fails.\n\n### Workarounds\nThere are no workarounds other than depending on the browser to filter the URL. \n\n### Credits\nDisclosed by @Ry0taK [RyotaK](https://ryotak.net). \n\n### For more information\nOpen an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\nJoin us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd",
"id": "GHSA-2hj5-g64g-fp6p",
"modified": "2025-05-29T21:59:47Z",
"published": "2025-05-28T17:36:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1"
},
{
"type": "PACKAGE",
"url": "https://github.com/argoproj/argo-cd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Argo CD allows cross-site scripting on repositories page"
}
WID-SEC-W-2025-1164
Vulnerability from csaf_certbund - Published: 2025-05-29 22:00 - Updated: 2025-06-02 22:00Summary
Red Hat OpenShift GitOps: Schwachstelle ermöglicht Cross-Site Scripting
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift GitOps ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift GitOps ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1164 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1164.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1164 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1164"
},
{
"category": "external",
"summary": "Red Hat Security Advisor vom 2025-05-29",
"url": "https://access.redhat.com/errata/RHSA-2025:8269"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15188-1 vom 2025-06-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift GitOps: Schwachstelle erm\u00f6glicht Cross-Site Scripting",
"tracking": {
"current_release_date": "2025-06-02T22:00:00.000+00:00",
"generator": {
"date": "2025-06-03T08:58:35.042+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1164",
"initial_release_date": "2025-05-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "GitOps \u003c1.16.1",
"product": {
"name": "Red Hat OpenShift GitOps \u003c1.16.1",
"product_id": "T044217"
}
},
{
"category": "product_version",
"name": "GitOps 1.16.1",
"product": {
"name": "Red Hat OpenShift GitOps 1.16.1",
"product_id": "T044217-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops__1.16.1"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47933",
"product_status": {
"known_affected": [
"T044217",
"T027843"
]
},
"release_date": "2025-05-29T22:00:00.000+00:00",
"title": "CVE-2025-47933"
}
]
}
RHSA-2025:8269
Vulnerability from csaf_redhat - Published: 2025-05-28 16:54 - Updated: 2026-02-27 16:40Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps 1.16.1 security release
Severity
Important
Notes
Topic: Errata advisory for Red Hat OpenShift GitOps 1.16.1 security release.
Details: The Red Hat OpenShift GitOps 1.16.1 release provides security updates to
the Argo CD CLI, Argo Rollouts CLI and MicroShift GitOps.
Security Fix(es):
* openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim's session.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8269
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Errata advisory for Red Hat OpenShift GitOps 1.16.1 security release.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat OpenShift GitOps 1.16.1 release provides security updates to\nthe Argo CD CLI, Argo Rollouts CLI and MicroShift GitOps.\n\nSecurity Fix(es):\n\n* openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8269",
"url": "https://access.redhat.com/errata/RHSA-2025:8269"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "GITOPS-6885",
"url": "https://issues.redhat.com/browse/GITOPS-6885"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8269.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps 1.16.1 security release",
"tracking": {
"current_release_date": "2026-02-27T16:40:54+00:00",
"generator": {
"date": "2026-02-27T16:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2025:8269",
"initial_release_date": "2025-05-28T16:54:33+00:00",
"revision_history": [
{
"date": "2025-05-28T16:54:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T16:54:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T16:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.16",
"product": {
"name": "Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.16::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.16",
"product": {
"name": "Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-26.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-10.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "microshift-gitops-0:1.16.1-10.el9.src",
"product": {
"name": "microshift-gitops-0:1.16.1-10.el9.src",
"product_id": "microshift-gitops-0:1.16.1-10.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/microshift-gitops@1.16.1-10.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-26.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"product": {
"name": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"product_id": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli-redistributable@1.16.1-26.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-10.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64",
"product": {
"name": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64",
"product_id": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli-redistributable@1.16.1-10.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "microshift-gitops-0:1.16.1-10.el9.x86_64",
"product": {
"name": "microshift-gitops-0:1.16.1-10.el9.x86_64",
"product_id": "microshift-gitops-0:1.16.1-10.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/microshift-gitops@1.16.1-10.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-26.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-10.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "microshift-gitops-0:1.16.1-10.el9.aarch64",
"product": {
"name": "microshift-gitops-0:1.16.1-10.el9.aarch64",
"product_id": "microshift-gitops-0:1.16.1-10.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/microshift-gitops@1.16.1-10.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-26.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"product": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"product_id": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-argocd-cli@1.16.1-26.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"product": {
"name": "microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"product_id": "microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/microshift-gitops-release-info@1.16.1-10.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.src as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.src"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64"
},
"product_reference": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microshift-gitops-0:1.16.1-10.el9.aarch64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.aarch64"
},
"product_reference": "microshift-gitops-0:1.16.1-10.el9.aarch64",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microshift-gitops-0:1.16.1-10.el9.src as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.src"
},
"product_reference": "microshift-gitops-0:1.16.1-10.el9.src",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microshift-gitops-0:1.16.1-10.el9.x86_64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.x86_64"
},
"product_reference": "microshift-gitops-0:1.16.1-10.el9.x86_64",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microshift-gitops-release-info-0:1.16.1-10.el9.noarch as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:microshift-gitops-release-info-0:1.16.1-10.el9.noarch"
},
"product_reference": "microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.src as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.src"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64"
},
"product_reference": "openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64"
},
"product_reference": "openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64",
"relates_to_product_reference": "9Base-GitOps-1.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47933",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-05-21T07:20:49.941000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim\u0027s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.aarch64",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.src",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.x86_64",
"9Base-GitOps-1.16:microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47933"
},
{
"category": "external",
"summary": "RHBZ#2367740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933"
}
],
"release_date": "2025-05-28T14:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T16:54:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.aarch64",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.src",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.x86_64",
"9Base-GitOps-1.16:microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8269"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.aarch64",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.ppc64le",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.s390x",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.src",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-26.el8.x86_64",
"8Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-26.el8.x86_64",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.aarch64",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.src",
"9Base-GitOps-1.16:microshift-gitops-0:1.16.1-10.el9.x86_64",
"9Base-GitOps-1.16:microshift-gitops-release-info-0:1.16.1-10.el9.noarch",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.aarch64",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.src",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-0:1.16.1-10.el9.x86_64",
"9Base-GitOps-1.16:openshift-gitops-argocd-cli-redistributable-0:1.16.1-10.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)"
}
]
}
RHSA-2025:8278
Vulnerability from csaf_redhat - Published: 2025-05-28 20:55 - Updated: 2026-02-27 16:40Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security update
Severity
Important
Notes
Topic: Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security update.
Details: Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security release.
Security Fix(es):
* openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)
* openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim's session.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8278
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security update.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security release.\n\nSecurity Fix(es):\n\n* openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)\n* openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.16](CVE-2025-47933)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8278",
"url": "https://access.redhat.com/errata/RHSA-2025:8278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "GITOPS-6721",
"url": "https://issues.redhat.com/browse/GITOPS-6721"
},
{
"category": "external",
"summary": "GITOPS-6759",
"url": "https://issues.redhat.com/browse/GITOPS-6759"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8278.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.16.1 security update",
"tracking": {
"current_release_date": "2026-02-27T16:40:58+00:00",
"generator": {
"date": "2026-02-27T16:40:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2025:8278",
"initial_release_date": "2025-05-28T20:55:14+00:00",
"revision_history": [
{
"date": "2025-05-28T20:55:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T20:55:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T16:40:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.16",
"product": {
"name": "Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.16::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.16",
"product": {
"name": "Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.16.1-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.16.1-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"product_id": "openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.16.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.16.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64",
"product_id": "openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.16.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.16.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.16.1-4"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"relates_to_product_reference": "9Base-GitOps-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64 as a component of Red Hat OpenShift GitOps 1.16",
"product_id": "9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64",
"relates_to_product_reference": "9Base-GitOps-1.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47933",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-05-21T07:20:49.941000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim\u0027s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47933"
},
{
"category": "external",
"summary": "RHBZ#2367740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933"
}
],
"release_date": "2025-05-28T14:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:55:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8278"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:5ec3f9ecac054ad51bf46e806ae7bf12fc16ff45af9ca29c3ae997b9ce165299_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:721d7cbb275153b809ab58848f93930ee72c99316544ce2c0bf7c9246f3c768c_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:aae8095403bd38e54074ec528f427218bb3794cde315df01b926f872311f6061_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/argo-rollouts-rhel8@sha256:b104df2409598b052bbd6bd768038f189bad29ca326386d8f5c997d70f45de69_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:4ebab81f7caa4c7322f0f6c0bac90c1b9a97265d6e7e23b68d1afd6bffe9b30b_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:8807044d6ab60f36a7d15a281921a911d9749bf83c3de9a900322ef265a98bdf_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:b30edc331dcdbbb4147593f6fc433273478b3200c587abfd4e09d26e92a39218_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-extensions-rhel8@sha256:e25f5fac790ac1056d7c6618331f8b50030f7da701b9be70974afd6240b7760f_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:296a1efdfe6c79d09e2774a1f14fc0071fd34dd4dec3e20704bd04fd9d92d252_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:33bd2d4b94056f4e3b732d7e0ef78f58ed0d4b3fe31e2a1bff2e26d5426b95f5_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:9640a72f66ffef7329b164734db8057be531ea280b4fb27709ffc58a129a15f6_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/argocd-rhel8@sha256:ddf1b016616ba297a8bfd962f390e84bd00a9d855fc3b87910cb866800374023_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:9016be790965bfb51168aa3f32c314f97db6d9810cd1fc5043539075df76abae_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:a4e8ff1f135c636a67ddc90cb9f907d71b7b9df49818ebb1819e289154c9d0ac_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:e0dd5fa23e8aa5cb8b9ff221fc417cc1b93bcbe2e51a768590c25186c7b41bbf_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/console-plugin-rhel8@sha256:fa2dc8d8feb489209b4250d509f3a3dcbbf087fc6be437300a885d4b139f5483_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:65cb265ba3180c0f8e198bce2bb305e62a7b1b8d9a2e649c44129eeee2977a84_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:6f4c6009d3347fc4ea7a0797c4742507f76e81e3f3a188a10d697a51fa947813_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:a1529921e12066e73493cd8c7f6e98014bab714790eee5cb6868d86c95f63726_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/dex-rhel8@sha256:c92e995de334e4318c4993cd1faac5c307af31fa9378ac7fac0ebec4ae62a5c9_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-operator-bundle@sha256:432bb516e3e7a06087f3f40b2455845a1009ff22f030b120dc01fbbd1715be02_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:1ea32d9afba50cc967cc0c4ffc474f1d7e1bd3907d23aa722205fddd139fabde_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:5fffd4c7810ad8347cc0ce5c74512b5dfba20e498437b8b872c9f4020450b3a0_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:88d72dc49076d2983ed43311ece085067d468579e0c5aae49a638d2101ca7f6f_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8-operator@sha256:a0d4da0651c88891561941b7a3450fc15db55a3fbc7b5d825b60fc07b4c6452a_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:064ee457d8654c3ca85684a2bdef3f07bba2e21afd27857e98284a287108f14b_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:548018330614afa2d60e157817eb5bb234975d01c681ef75ccf27a04a3e5d7bc_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:890ad2638a1ac4679d70ff4075f7be46d5b78a158cee7bdcf179698df3e4195c_ppc64le",
"8Base-GitOps-1.16:openshift-gitops-1/gitops-rhel8@sha256:e0d4da573364c3412da85ec2ec38e105bd1c53db44cb62f9abc297427739c468_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2edc9ba7f87bb47d718a8cfb9e62b7d3c83d0920992c3cb13403be78042f5222_s390x",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:2f0dd107ba451c5e88eb9c89b5cb8c887499c8e95153a8eaaa3f486a0dc90307_amd64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:982a66ff060285fd15ef6c599634283f4166e31bed73d01b245fca0c8413a6ab_arm64",
"8Base-GitOps-1.16:openshift-gitops-1/must-gather-rhel8@sha256:a741a5785a9502466d074cda2002bd63dc1955a844abcb7558e45a017c5045e0_ppc64le",
"9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:78c0715198d0d9dc8f4fc25197423412eabd5fd4d82151a41f3568a74c4e7317_amd64",
"9Base-GitOps-1.16:openshift-gitops-1/argocd-rhel9@sha256:e9f89c838a37794fe47d6aa5496f9db2d604e38ed51193e236191dbff0e41c92_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)"
}
]
}
RHSA-2025:8274
Vulnerability from csaf_redhat - Published: 2025-05-28 20:39 - Updated: 2026-03-17 06:46Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update
Severity
Important
Notes
Topic: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update.
Details: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security release.
Security Fix(es):
* openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.14](CVE-2025-47933 )
* openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.14](CVE-2025-47933)
* openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.14](CVE-2025-47933)
* openshift-gitops-operator-container: Namespace Isolation Break [gitops-1.14](CVE-2024-13484)
* openshift-gitops-dex-container: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [gitops-1.14](CVE-2025-22868)
* openshift-gitops-container: Potential denial of service in golang.org/x/crypto [gitops-1.14](CVE-2025-22869)
* openshift-gitops-argo-rollouts-container: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS [gitops-1.14](CVE-2023-45288)
* openshift-gitops-argocd-container: jwt-go allows excessive memory allocation during header parsing [gitops-1.14](CVE-2025-30204)
* openshift-gitops-argocd-rhel9-container: jwt-go allows excessive memory allocation during header parsing [gitops-1.14](CVE-2025-30204)
* openshift-gitops-argocd-container: Prototype Pollution in redoc [gitops-1.14](CVE-2024-57083)
* openshift-gitops-argocd-rhel9-container: Prototype Pollution in redoc [gitops-1.14](CVE-2024-57083)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
Workaround
In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.
A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
Workaround
To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
Workaround
This flaw can be mitigated when using the client only connecting to trusted servers.
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
Workaround
Red Hat Product Security does not have a recommended mitigation at this time.
A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim's session.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8274
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
nowotarski.info
Bartek Nowotarski
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security release.\n\nSecurity Fix(es):\n\n* openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.14](CVE-2025-47933 )\n* openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.14](CVE-2025-47933)\n* openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.14](CVE-2025-47933)\n* openshift-gitops-operator-container: Namespace Isolation Break [gitops-1.14](CVE-2024-13484)\n* openshift-gitops-dex-container: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [gitops-1.14](CVE-2025-22868)\n* openshift-gitops-container: Potential denial of service in golang.org/x/crypto [gitops-1.14](CVE-2025-22869)\n* openshift-gitops-argo-rollouts-container: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS [gitops-1.14](CVE-2023-45288)\n* openshift-gitops-argocd-container: jwt-go allows excessive memory allocation during header parsing [gitops-1.14](CVE-2025-30204)\n* openshift-gitops-argocd-rhel9-container: jwt-go allows excessive memory allocation during header parsing [gitops-1.14](CVE-2025-30204)\n* openshift-gitops-argocd-container: Prototype Pollution in redoc [gitops-1.14](CVE-2024-57083)\n* openshift-gitops-argocd-rhel9-container: Prototype Pollution in redoc [gitops-1.14](CVE-2024-57083)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8274",
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "GITOPS-6254",
"url": "https://issues.redhat.com/browse/GITOPS-6254"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8274.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update",
"tracking": {
"current_release_date": "2026-03-17T06:46:22+00:00",
"generator": {
"date": "2026-03-17T06:46:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:8274",
"initial_release_date": "2025-05-28T20:39:49+00:00",
"revision_history": [
{
"date": "2025-05-28T20:39:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T20:39:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-17T06:46:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.14",
"product": {
"name": "Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.14",
"product": {
"name": "Red Hat OpenShift GitOps 1.14",
"product_id": "9Base-GitOps-1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64",
"product_id": "openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.14.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.14.4-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"product_id": "openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.14.4-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"product": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.14.4-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.14.4-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64"
},
"product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"relates_to_product_reference": "8Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"relates_to_product_reference": "9Base-GitOps-1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64 as a component of Red Hat OpenShift GitOps 1.14",
"product_id": "9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64",
"relates_to_product_reference": "9Base-GitOps-1.14"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2024-13484",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"discovery_date": "2024-03-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift-gitops-operator-container: Namespace Isolation Break",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, a local attacker must be logged into the system with admin privileges, limiting the possibility of this issue to be exploited.\nFor this reason, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13484"
},
{
"category": "external",
"summary": "RHBZ#2269376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13484"
}
],
"release_date": "2025-01-28T17:43:15.879000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openshift-gitops-operator-container: Namespace Isolation Break"
},
{
"cve": "CVE-2024-57083",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2025-03-28T21:01:02.993057+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355865"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "redoc: Prototype Pollution in redoc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because it allows attackers to exploit a prototype pollution issue in the Module.mergeObjects method by crafting a malicious payload. An attacker can alter the built-in Object.prototype, causing a Denial of Service (DoS) condition, leading to system instability, impacting the availability of the affected system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57083"
},
{
"category": "external",
"summary": "RHBZ#2355865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57083"
},
{
"category": "external",
"summary": "https://github.com/Redocly/redoc/issues/2499",
"url": "https://github.com/Redocly/redoc/issues/2499"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "redoc: Prototype Pollution in redoc"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
},
{
"cve": "CVE-2025-47933",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-05-21T07:20:49.941000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim\u0027s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47933"
},
{
"category": "external",
"summary": "RHBZ#2367740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933"
}
],
"release_date": "2025-05-28T14:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:23a8aac6d2e009bbba4b0bd7beec63306f0c1509f34d2dd8ab8a611011dc17dd_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:d72734b90db1ce7201a96c524ac571c87a49da09ff4d318f68ae6852c6d16b76_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:dbdb2e380a47e55c12c4c4fea9fc4b69f9073ef00138dd82923dc095250d4db6_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argo-rollouts-rhel8@sha256:fdb7dba204200801073ff293ad3842c6ae48b6decafae292729ad7d571e90f19_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:30d63e8254a436279fc5e11c5bf7b62d85502acc221d4207fd70a15e54a7ee16_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:7c537c7cf6a0432646b7ab05ee73e0977f5f3b7b0fd3d6be37c02f9396a1d737_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:cb5b95895261589a9845628f6ba2f0d8bea6bde9908ed8d49c3e4ae24d447f50_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/argocd-rhel8@sha256:d238690e3827286b7aba7f7d259ec0aaae1ae3fe923c56b00c742ec8737a7c8c_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:0512fba38410f128d3137fa397281b5ca95b76943dd51fcf78a7feacbb16d96b_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:49d66633f974c5ce83a09bca0a69538271b4991f1e7df4b35e2d7fb2540188f7_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:8dc71e6ebd38cb2e54de2cc2c13717e170944598b206e332d799acb5bd411a40_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/console-plugin-rhel8@sha256:c3c850aa2526b48853e27a808b3565dcfd133770229be259b60fb9286f8f5d2e_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:455f5ae73a9f061ee99f914544abbfef7a5b902179fdaf956802edcee20d767a_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:bd801415cb506c52d03a390323c098c7fa8f99af1895301708d1a0a56f72b215_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:e7f8db64e7c7a2ae31caf2f54c60debc803acacc7f0df18e49c246f3f878557e_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/dex-rhel8@sha256:f32c097916c50ab0718ec75c1bf6ea12abc99b1b29e4cb3ece122fa4112e6a42_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-operator-bundle@sha256:773592dfb9964970f444871a8812e8b74db3f205faaa0bf148defa1a2b87b649_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:57388b8ed2c018728f7efed7d355fa1ac066d19c224a27a7517a2fba01c5d3f6_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:8181401cb43af84059707ab096fa7f0599a251aadc4f7d53bb38098b5e7dd752_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:97603cb305c6ff71a01aef4c494ca4e4b013bb1f55e4a98c99734d57fb03f4f8_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8-operator@sha256:a3c3733bb827d469b5f51b9804a1515a13f58dd21e9f436bbdd0df280bb49f93_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:8989ea6a8e7cb8a7ef64635fcf28c9b800c9287411071444f8fb358df832fe38_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e7e7dba53756f1053ca385b6c279889c9c87bf05adc604b77619fec12c582f99_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:e8b3e42c2ca79b6665920f9a739461f94937e511c2e7ccf60da338460084de0f_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/gitops-rhel8@sha256:fa82571fbf077de163d8d56d9d587971f5179740e9455e9e7bd6bc62b0330ba3_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:2e641073b54b27f405def00c4b8731cbf9cdffe2ed8f89c9c29782c18fb55b67_s390x",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:78c9599b4298cb6dcb59c871c52bd4b0e135fc03c723fa1d02ce584193ac14c7_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:aa624fcfd4bd94f512dcb1c3e626049f5ab2c7b6babde284c9b800420e315697_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/kam-delivery-rhel8@sha256:cec57b21fa14774d14295464b3344c0517f24b72cef6e4360f55fdb350366557_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:0db60917a32763220ae442c97b1e199b1dd0a713db0ae0a8fe11dfe392e9bd63_ppc64le",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:589a8d9e59219c7cceafb4c0abc3d0e8e90857a625d9dc6a11c7b3ed92fa509e_arm64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:87c02c7ae9f6be6e8159bb23d18d9c6e4625d28a8309e43fa60b51a168266051_amd64",
"8Base-GitOps-1.14:openshift-gitops-1/must-gather-rhel8@sha256:e8ab6cd8d0bb3464eb21b54580af300e43bf8b7d5ff66d99eb30abd586c0f198_s390x",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:9e0f1ba8a30ad561367651c67f641fd0053f45d17bb175f9f6889f8461bae790_arm64",
"9Base-GitOps-1.14:openshift-gitops-1/argocd-rhel9@sha256:b7c3bb5d3cbde94a34aa0244bb0362e7069a3de221dec6b8b820c0d235bd76fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)"
}
]
}
RHSA-2025:8277
Vulnerability from csaf_redhat - Published: 2025-05-28 20:51 - Updated: 2026-02-27 16:40Summary
Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update
Severity
Important
Notes
Topic: Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update.
Details: Errata Advisory for Red Hat OpenShift GitOps 1.15.3 security release.
Security Fix(es):
* openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)
* openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)
* openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim's session.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:8277
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update.",
"title": "Topic"
},
{
"category": "general",
"text": "Errata Advisory for Red Hat OpenShift GitOps 1.15.3 security release.\n\nSecurity Fix(es):\n\n* openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)\n* openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)\n* openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) [gitops-1.15](CVE-2025-47933)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8277",
"url": "https://access.redhat.com/errata/RHSA-2025:8277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "GITOPS-5977",
"url": "https://issues.redhat.com/browse/GITOPS-5977"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8277.json"
}
],
"title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update",
"tracking": {
"current_release_date": "2026-02-27T16:40:56+00:00",
"generator": {
"date": "2026-02-27T16:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2025:8277",
"initial_release_date": "2025-05-28T20:51:24+00:00",
"revision_history": [
{
"date": "2025-05-28T20:51:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T20:51:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T16:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.15",
"product": {
"name": "Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.15",
"product": {
"name": "Red Hat OpenShift GitOps 1.15",
"product_id": "9Base-GitOps-1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.15.3-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.15.3-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64",
"product": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64",
"product_id": "openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.15.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"product": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.15.3-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"product_id": "openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"product": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"product_id": "openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"product": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"product_id": "openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.15.3-1"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"product": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"product": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"product": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"product_id": "openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"product": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"product_id": "openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.15.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"product": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.15.3-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x"
},
"product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64"
},
"product_reference": "openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x"
},
"product_reference": "openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le"
},
"product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x"
},
"product_reference": "openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64"
},
"product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x"
},
"product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64"
},
"product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"relates_to_product_reference": "8Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64"
},
"product_reference": "openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"relates_to_product_reference": "9Base-GitOps-1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64 as a component of Red Hat OpenShift GitOps 1.15",
"product_id": "9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64"
},
"product_reference": "openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64",
"relates_to_product_reference": "9Base-GitOps-1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47933",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-05-21T07:20:49.941000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim\u0027s session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47933"
},
{
"category": "external",
"summary": "RHBZ#2367740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47933"
}
],
"release_date": "2025-05-28T14:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T20:51:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8277"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:4c344603d539db58413b0a524b6dc19e4d16a2397127a2c0eee1f844a03fa986_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:50ab9013e309d5ea61017d2ced6893fa234a5e251f91054e5b6a320cb3110aea_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:9bcbb795fe718845891db412d5e0a296a74f08ed063e66f6ddca1b128f0e5e8c_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argo-rollouts-rhel8@sha256:b44e58a3c530141ad57f4bf35772825768545e9cf5a8158972fcdb21431ea193_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:2a44a47b2e5bb34247b8087f4eef53571a8568ab8ab077ca5347f15d6d0918b8_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:3ca4f65624276812aeca087d94a7f2647f1f86518df6d91aa2e4ab61d7ddbb78_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:b0e9c6058aee36561f551f38244de4877a0aa2a4943364a5c7242e6639200ace_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-extensions-rhel8@sha256:f61b8485a0eb8ba0040b8786a5011ca262e23b0c3d2b2392f38ae0cb71b0c565_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:043fcda29f079dc74d31260a987b761cc892aa916369f2a13a77592358cc2371_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:2ae9f86a78aab91d4cc4b90fd1445fe1dccc5832b250c3a3746f5017626d8194_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:4266cdf5fdffd689d2454839e4dce7c1074f3e4f1d2d69795fc241117c88da77_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/argocd-rhel8@sha256:e731d545ad5cb98eb6136de57fce77231ea43a138e8d73f1ad093e59dae2a35d_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:0173916d9d77cfd8f06b1dd08fec157973279b26adc56ab4fc0627bd4484ab2f_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:6a90dacdb5b2837db151f27b7ed14d7f8f1dde33de769191f26b915fc73cdf31_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:be8efc14c6a3ca2465f955e029625aa1faa076848780225e06fb8c752726d788_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/console-plugin-rhel8@sha256:e68c36a3a4d218c3a16ae99ce57fcbf837560a3a9cf2a00e237185be47857fbe_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:0d4cd66b25f856b5891924fd4aafcfd732b671d5e48c11c172c7f87c2fbf1281_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:3b3b0c93bbcef63d45169b247a9c3fb2ee6ad88b1dbac4efe0eae19a72aedac1_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:4a9647a20d639efcfbaf8ed7699d2c1344fc12c99d6947ef3eca8173d97981f8_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/dex-rhel8@sha256:e3ac5bbd4d63c914facfcdf302d32b2be0cda4aa617ced830003ddf21923dd1c_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-operator-bundle@sha256:13b1f4f62fc296180523178948e3cff2c341041d4612785dfc80f5e0c228f8e3_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:3449a1f2321ddda4df7b40cfcd81069b3984fe89cc02b0998537ef819116a604_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:8383e1225608de37e5e58157287d28db6f3931489002c934fabd2283f3d6dff2_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:adb65cb44f6a9bb46f6bd038dd1b6cf282c4fa18cdb9aa3b3967b530fdb80de9_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8-operator@sha256:d3ed6273e7fc258bc1d7a11ae1f3a0c01da4f0f8061fac089c14964edc8e8a9d_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:52b2b85cced911f5b7dd5d34b6f41b19133d90e2fa9a427875f2291d29e4843a_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:c1a3eb6d9d1c25212eaad76c11fd854ab83caa91d6b314123b10137396dff139_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:d99d8c676cce422a58a2db0ebe73ea62d0053f0158fc2ba45cac541823156f96_amd64",
"8Base-GitOps-1.15:openshift-gitops-1/gitops-rhel8@sha256:f1b7977f1a32fc101fabb479a44dfedd288c4e9803ec1d6bed3d625251a5f7dc_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:29fae808ed83c7540939f023494b9182f2ee3a9e41826d02bb11c32f38e31922_arm64",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:5e0a86e3d2c8e11f1accb54c094d40549d03e3e59d2604aa18a17e4fcf37e1cc_ppc64le",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:cca78c77f32ada9a0ad63261253f1dd07bca33fd4843c23c7a629f2402a4b38d_s390x",
"8Base-GitOps-1.15:openshift-gitops-1/must-gather-rhel8@sha256:f06fe020be910cd9f71fa2a2df80c1ef33bf12c92c7077bdebe05e20680ab622_amd64",
"9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:217e0384e2bf4547e8ba9e3c41a48a36a56d0c124b9395873df22986baec74b8_arm64",
"9Base-GitOps-1.15:openshift-gitops-1/argocd-rhel9@sha256:910d1bdb99d53373ffa79bec24f238715ddda9964d700ee4bf53986d33396cb4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)"
}
]
}
BDU:2025-06327
Vulnerability from fstec - Published: 28.05.2025
VLAI Severity ?
Title
Уязвимость декларативного инструмента непрерывной доставки GitOps для Kubernetes Argo CD, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки
Description
Уязвимость декларативного инструмента непрерывной доставки GitOps для Kubernetes Argo CD связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки
Severity ?
Vendor
The Linux Foundation
Software Name
Argo CD
Software Version
до 2.13.8 (Argo CD), от 2.14 до 2.14.13 (Argo CD), от 3.0 до 3.0.4 (Argo CD)
Possible Mitigations
Использование рекомендаций:
https://github.com/argoproj/argo-cd/releases/tag/v2.13.8
https://github.com/argoproj/argo-cd/releases/tag/v2.14.13
https://github.com/argoproj/argo-cd/releases/tag/v3.0.4
https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1
Reference
https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1
https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "The Linux Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.13.8 (Argo CD), \u043e\u0442 2.14 \u0434\u043e 2.14.13 (Argo CD), \u043e\u0442 3.0 \u0434\u043e 3.0.4 (Argo CD)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/argoproj/argo-cd/releases/tag/v2.13.8\nhttps://github.com/argoproj/argo-cd/releases/tag/v2.14.13\nhttps://github.com/argoproj/argo-cd/releases/tag/v3.0.4\nhttps://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.06.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-06327",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-47933",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Argo CD",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0435\u043a\u043b\u0430\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0439 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 GitOps \u0434\u043b\u044f Kubernetes Argo CD, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0435\u043a\u043b\u0430\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0439 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 GitOps \u0434\u043b\u044f Kubernetes Argo CD \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1\t\nhttps://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)"
}
OPENSUSE-SU-2025:15188-1
Vulnerability from csaf_opensuse - Published: 2025-06-01 00:00 - Updated: 2025-06-01 00:00Summary
govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media
Description of the patch: These are all security issues fixed in the govulncheck-vulndb-0.0.20250529T205903-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15188
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.1 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250529T205903-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15188",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15188-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15188-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15188-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47933 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47952/"
}
],
"title": "govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media",
"tracking": {
"current_release_date": "2025-06-01T00:00:00Z",
"generator": {
"date": "2025-06-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15188-1",
"initial_release_date": "2025-06-01T00:00:00Z",
"revision_history": [
{
"date": "2025-06-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4057"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4057",
"url": "https://www.suse.com/security/cve/CVE-2025-4057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-01T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4057"
},
{
"cve": "CVE-2025-47933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47933"
}
],
"notes": [
{
"category": "general",
"text": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47933",
"url": "https://www.suse.com/security/cve/CVE-2025-47933"
},
{
"category": "external",
"summary": "SUSE Bug 1243791 for CVE-2025-47933",
"url": "https://bugzilla.suse.com/1243791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-01T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-47933"
},
{
"cve": "CVE-2025-47952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47952"
}
],
"notes": [
{
"category": "general",
"text": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u0027s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47952",
"url": "https://www.suse.com/security/cve/CVE-2025-47952"
},
{
"category": "external",
"summary": "SUSE Bug 1243818 for CVE-2025-47952",
"url": "https://bugzilla.suse.com/1243818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-01T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47952"
}
]
}
FKIE_CVE-2025-47933
Vulnerability from fkie_nvd - Published: 2025-05-29 20:15 - Updated: 2025-08-27 02:28
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB6AB4D-CAF5-43BF-9362-35FA59D22980",
"versionEndExcluding": "2.13.8",
"versionStartIncluding": "1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8AA903B-D9F7-4678-B437-2210CE881CD0",
"versionEndExcluding": "2.14.13",
"versionStartIncluding": "2.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53FAABC-D715-451D-ABAE-F04B19AA99CD",
"versionEndExcluding": "3.0.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argoproj:argo_cd:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BA998D51-81E0-475F-8ABE-1CB42F848B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argoproj:argo_cd:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "47306D25-C476-4E30-BEA7-0151CF31F5D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4."
},
{
"lang": "es",
"value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. En versiones anteriores a las 2.13.8, 2.14.13 y 3.0.4, un atacante pod\u00eda realizar acciones arbitrarias en nombre de la v\u00edctima a trav\u00e9s de la API. Debido al filtrado incorrecto de los protocolos de URL en la p\u00e1gina del repositorio, un atacante puede realizar ataques de cross-site scripting con permiso para editar el repositorio. Este problema se ha corregido en las versiones 2.13.8, 2.14.13 y 3.0.4."
}
],
"id": "CVE-2025-47933",
"lastModified": "2025-08-27T02:28:01.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-29T20:15:27.473",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…