Action not permitted
Modal body text goes here.
cve-2023-40025
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:54.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr" }, { "name": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40025", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T15:07:03.559942Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T15:52:16.513Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "argo-cd", "vendor": "argoproj", "versions": [ { "status": "affected", "version": "\u003e= 2.6.0, \u003c 2.6.14" }, { "status": "affected", "version": "\u003e= 2.7.0, \u003c 2.7.12" }, { "status": "affected", "version": "= 2.8.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T19:12:04.016Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr" }, { "name": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478" } ], "source": { "advisory": "GHSA-c8xw-vjgf-94hr", "discovery": "UNKNOWN" }, "title": "Argo CD web terminal session doesn\u0027t expire" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40025", "datePublished": "2023-08-23T19:12:04.016Z", "dateReserved": "2023-08-08T13:46:25.243Z", "dateUpdated": "2024-10-01T15:52:16.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-40025\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-08-23T20:15:08.840\",\"lastModified\":\"2024-11-21T08:18:32.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndIncluding\":\"2.6.13\",\"matchCriteriaId\":\"316930B4-4145-46DF-943A-43651156FDE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:2.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9938B5C-EE20-4A62-9B8E-41383E910FE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argoproj:argo_cd:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68291857-5E5C-40AB-8A9F-9E675606B306\"}]}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}" } }
ghsa-c8xw-vjgf-94hr
Vulnerability from github
Impact
All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already.
Patches
A patch for this vulnerability has been released in the following Argo CD version:
- v2.6.14
- v2.7.12
- v2.8.1
Workarounds
The only way to completely resolve the issue is to upgrade.
Mitigations
Disable web-based terminal or define RBAC rules to it https://argo-cd.readthedocs.io/en/latest/operator-manual/web_based_terminal/
For more information
If you have any questions or comments about this advisory: * Open an issue in the Argo CD issue tracker or discussions * Join us on Slack in channel #argo-cd
Credits
Thank you to bean.zhang (@zhlu32 ) of HIT-IDS ChunkL Team who discovered the issue and reported it confidentially according to our guidelines.
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd" }, "ranges": [ { "events": [ { "introduced": "2.6.0" }, { "fixed": "2.6.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.7.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.8.0" ] } ], "aliases": [ "CVE-2023-40025" ], "database_specific": { "cwe_ids": [ "CWE-613" ], "github_reviewed": true, "github_reviewed_at": "2023-08-23T17:50:41Z", "nvd_published_at": "2023-08-23T20:15:08Z", "severity": "HIGH" }, "details": "### Impact\nAll versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already.\n\n### Patches\nA patch for this vulnerability has been released in the following Argo CD version:\n\n* v2.6.14\n* v2.7.12\n* v2.8.1\n\n### Workarounds\nThe only way to completely resolve the issue is to upgrade.\n\n#### Mitigations\nDisable web-based terminal or define RBAC rules to it\n[https://argo-cd.readthedocs.io/en/latest/operator-manual/web_based_terminal/](https://argo-cd.readthedocs.io/en/latest/operator-manual/web_based_terminal/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd\n\n### Credits\n\nThank you to bean.zhang (@zhlu32 ) of HIT-IDS ChunkL Team who discovered the issue and reported it confidentially according to our [guidelines](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#reporting-a-vulnerability).", "id": "GHSA-c8xw-vjgf-94hr", "modified": "2023-08-31T00:03:04Z", "published": "2023-08-23T17:50:41Z", "references": [ { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40025" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478" }, { "type": "PACKAGE", "url": "https://github.com/argoproj/argo-cd" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Argo CD web terminal session doesn\u0027t expire" }
wid-sec-w-2024-1718
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1718 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1718.json" }, { "category": "self", "summary": "WID-SEC-2024-1718 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1718" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-07-28", "url": "https://access.redhat.com/errata/RHSA-2024:4891" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4972 vom 2024-08-01", "url": "https://access.redhat.com/errata/RHSA-2024:4972" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4973 vom 2024-08-01", "url": "https://access.redhat.com/errata/RHSA-2024:4973" } ], "source_lang": "en-US", "title": "Red Hat OpenShift (GitOps): Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2024-08-01T22:00:00.000+00:00", "generator": { "date": "2024-08-15T18:11:46.557+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2024-1718", "initial_release_date": "2024-07-28T22:00:00.000+00:00", "revision_history": [ { "date": "2024-07-28T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-07-29T22:00:00.000+00:00", "number": "2", "summary": "Produktversion angepasst" }, { "date": "2024-08-01T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "GitOps \u003c1.13.1", "product": { "name": "Red Hat OpenShift GitOps \u003c1.13.1", "product_id": "T036500" } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40025", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift GitOps. Diese Fehler betrifft die Argo-CD-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung gro\u00dfer JSON-Payloads am /api/webhook-Endpunkt, was zu einer \u00fcberm\u00e4\u00dfigen Zuweisung von Speicher f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-07-28T22:00:00.000+00:00", "title": "CVE-2023-40025" }, { "cve": "CVE-2024-40634", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift GitOps. Diese Fehler betrifft die Argo-CD-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung gro\u00dfer JSON-Payloads am /api/webhook-Endpunkt, was zu einer \u00fcberm\u00e4\u00dfigen Zuweisung von Speicher f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-07-28T22:00:00.000+00:00", "title": "CVE-2024-40634" } ] }
rhsa-2024_4972
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps v1.11.7. Red Hat\nProduct Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Errata Advisory for Red Hat OpenShift GitOps v1.11.7.\n\nSecurity Fix(es):\n\n* openshift-gitops-argocd-container: Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in Argo CD [gitops-1.11](CVE-2024-40634)\n* openshift-gitops-container: Argo CD web terminal session doesn\u0027t expire [gitops-1.11](CVE-2023-40025)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4972", "url": "https://access.redhat.com/errata/RHSA-2024:4972" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4972.json" } ], "title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.7 security update", "tracking": { "current_release_date": "2024-11-24T17:19:33+00:00", "generator": { "date": "2024-11-24T17:19:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:4972", "initial_release_date": "2024-08-01T10:48:26+00:00", "revision_history": [ { "date": "2024-08-01T10:48:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-08-01T10:48:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T17:19:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.11", "product": { "name": "Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.11::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.7-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.7-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.7-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.7-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.7-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40025", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2024-07-30T04:26:12+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2301445" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD. Affected versions of Argo CD have a bug where open web terminal sessions do not expire. This bug allows users to send WebSocket messages even if the token has expired. The most straightforward scenario occurs when a user opens the terminal view and leaves it open for an extended period. This flaw allows users to view sensitive information even after logging out.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: Argo CD web terminal session doesn\u0027t expire", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40025" }, { "category": "external", "summary": "RHBZ#2301445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301445" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40025", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40025" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40025", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40025" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-c8xw-vjgf-94hr", "url": "https://github.com/advisories/GHSA-c8xw-vjgf-94hr" } ], "release_date": "2023-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-01T10:48:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4972" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "argo-cd: Argo CD web terminal session doesn\u0027t expire" }, { "cve": "CVE-2024-40634", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-07-23T14:26:36+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2299473" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Argo CD. This flaw allows an unauthenticated attacker to send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation leading to service disruption by triggering an out-of-memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments.", "title": "Vulnerability description" }, { "category": "summary", "text": "argocd: Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in Argo CD", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-40634" }, { "category": "external", "summary": "RHBZ#2299473", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299473" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-40634", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40634" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40634", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40634" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w" } ], "release_date": "2024-07-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-01T10:48:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4972" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:09a25a05e5d7e786beb2aeb2900cdf9d9b7318a87065539d818d48ca12097efb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:31fadc4e401db9f7af9d06100dba0999525940a1ccb256dd0befcfd80f427c90_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:5b5783216e793d74aad31abaa18e644f21ce645e736c6e4faaf061c51ffced18_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:9ae9beb8a3c1c4ace3f2c37d230416cf52426816105a3b9ea759bb5b7de5547a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:dbd4a26ceb74570bb3d3b4b9ef911f6d8c14c2affdd4627fcf666bdbf88b922b_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:ea0181fdffaea17edf31b32830075f33e5bd7e5e951fb12c7734a3beb5fb6a12_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:f209de3c136c821251fb8e892250c79ab47c02bc7b4f773b280aeef9acacbe41_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:fb0f944ef8c85fdd51e9d4ffa785217436989bb9388935392b9743f6c0157fb4_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:3f6354df560a086dd2d3d066bb316fa29b2f90409664352da5b4d5379b1bd59a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:826924158016a472f215b2154a3b71b0bb45dcb5faee4009023a9ff91b80fbc7_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:b059fed1e6cbdfa744ca40f63eebd7852918e60f6e63a56e6c4c8b47cfb7297a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:bef56e9030b779020fd4d424af1c4da8bcdf46a89d1d5505cacda5aba17b3f5f_s390x", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:07bd1d4c9625d632c25f9b26f5afab0a0b385a01ceda8262a20d63d9380363c0_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:aa363327f2abce3c55dd7343c1024d0f46826e8d4da66126e63181702542352c_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:c6339f1ca0a031eedc1f77755f84c10bc096603c62e4d41266c1f57c723a5fe8_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:d668d7dd535b8bd007d6d9c667a847aadd4184e60bff23c13710034d99b4cb78_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:8d786bb519f9caa8c56b5a1de9bbfa92161f697644329114af3af5f324797787_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:16c13cf844a266006ca6242a13be9e5d3a1f57b561fbc0eb4fd22914a0297913_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2da7b90a1c514f1d86d90b6f546c26480377d6f752deca9ae6bc3d23ff3bb991_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:7eed2ed5c7db8a702917e5f989a4742be3d0e63dc41a3ac6e2dd9d8a2ef586ec_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f269a0edec8e132ca4a8bbc8c2fcec5bbe8b992c6f4fb731f4f457f0881e95eb_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3adcc88984e8c288ecd8a0ae3b3a3dbf6e6d9260432bc934772060bd4d477d70_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:5de8d57c81bc70b3112cd331dfa701f1bc995eba8568a1cf71c4390538efaf06_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b6ce0737682b89998c094db766d464eaac7717f4af6df87fb927d74892ac9056_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:f26223d724c39de4b86d1abf3db446b38fdcd7231323f8ffe34a11f2a4db033c_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:523305513ec6ea969620607c0bf5bea96eb192b14dec0d5660cbc28dae9f9552_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:71532e658e81a9daeb5d84c29851a56b8fe1b20f7a38bd3783002d0f3f611272_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dfd515876281d0eeffa51ad725bda5c48da3a9225f5e577e41a0aec58614a582_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f69026a41ac59c45855de3575b70fe94821f74686abf92125f9d0ef28918db9d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:1f066935b3a9de1add896aa3c17da8918afd418669bb541a25b27708dd9752cd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:3b669408440a2e15c285e62c20656198c7f0caecc04d2f10b4abcc649fddf887_arm64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:68edbdcbd72a6ccf7d07d04e148227673ad34c8add04d9ab4770f4bbf3937974_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:c3b22b39fccff18999ae7c11ea239f8ca2189b18e8c9ab770e81c35ba6a02632_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argocd: Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in Argo CD" } ] }
gsd-2023-40025
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-40025", "id": "GSD-2023-40025" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-40025" ], "details": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.\n", "id": "GSD-2023-40025", "modified": "2023-12-13T01:20:43.649091Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-40025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "argo-cd", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 2.6.0, \u003c 2.6.14" }, { "version_affected": "=", "version_value": "\u003e= 2.7.0, \u003c 2.7.12" }, { "version_affected": "=", "version_value": "= 2.8.0" } ] } } ] }, "vendor_name": "argoproj" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.\n" } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-613", "lang": "eng", "value": "CWE-613: Insufficient Session Expiration" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr" }, { "name": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478" } ] }, "source": { "advisory": "GHSA-c8xw-vjgf-94hr", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo-cd:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo-cd:2.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.13", "versionStartIncluding": "2.6.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-40025" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-613" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr", "refsource": "MISC", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-c8xw-vjgf-94hr" }, { "name": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478", "refsource": "MISC", "tags": [ "Patch" ], "url": "https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2 } }, "lastModifiedDate": "2023-08-30T17:28Z", "publishedDate": "2023-08-23T20:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.