Action not permitted
Modal body text goes here.
cve-2024-28175
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" }, { "name": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "argo_cd", "vendor": "argoproj", "versions": [ { "lessThan": "2.8.12", "status": "affected", "version": "1.0.0", "versionType": "custom" }, { "lessThan": "2.9.8", "status": "affected", "version": "2.9.0", "versionType": "custom" }, { "lessThan": "2.10.3", "status": "affected", "version": "2.10.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28175", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-14T15:46:16.286706Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T23:20:32.107Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "argo-cd", "vendor": "argoproj", "versions": [ { "status": "affected", "version": "\u003e= 1.0.0, \u003c 2.8.12" }, { "status": "affected", "version": "\u003e= 2.9.0, \u003c 2.9.8" }, { "status": "affected", "version": "\u003e= 2.10.0, \u003c 2.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T20:48:05.363Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" }, { "name": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71" } ], "source": { "advisory": "GHSA-jwv5-8mqv-g387", "discovery": "UNKNOWN" }, "title": "Cross-site scripting on application summary component in argo-cd" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28175", "datePublished": "2024-03-13T20:48:05.363Z", "dateReserved": "2024-03-06T17:35:00.856Z", "dateUpdated": "2024-08-21T23:20:32.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-28175\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-13T21:16:00.570\",\"lastModified\":\"2024-11-21T09:05:57.817\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. Debido al filtrado inadecuado de los protocolos URL de los enlaces especificados en las anotaciones `link.argocd.argoproj.io` en el componente de resumen de la aplicaci\u00f3n, un atacante puede lograr Cross Site Scripting con permisos elevados. Todas las versiones sin parches de Argo CD que comienzan con v1.0.0 son vulnerables a un error de Cross Site Scripting (XSS) que permite a un usuario malintencionado inyectar un enlace javascript: en la interfaz de usuario. Cuando un usuario v\u00edctima hace clic en \u00e9l, el script se ejecutar\u00e1 con los permisos de la v\u00edctima (hasta administrador incluido). Esta vulnerabilidad permite a un atacante realizar acciones arbitrarias en nombre de la v\u00edctima a trav\u00e9s de la API, como crear, modificar y eliminar recursos de Kubernetes. Se lanz\u00f3 un parche para esta vulnerabilidad en las versiones de Argo CD v2.10.3 v2.9.8 y v2.8.12. No existen soluciones alternativas completamente seguras adem\u00e1s de actualizar. La alternativa m\u00e1s segura, si no es posible la actualizaci\u00f3n, ser\u00eda crear un controlador de admisi\u00f3n de Kubernetes para rechazar cualquier recurso con una anotaci\u00f3n que comience con link.argocd.argoproj.io o rechazar el recurso si el valor utiliza un protocolo URL inadecuado. Esta validaci\u00f3n deber\u00e1 aplicarse en todos los cl\u00fasteres gestionados por ArgoCD.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
ghsa-jwv5-8mqv-g387
Vulnerability from github
Summary
Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io
annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions.
Impact
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin).
This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources.
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
- v2.10.3
- v2.9.8
- v2.8.12
Workarounds
There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io
or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.
Mitigations
- Avoid clicking external links presented in the UI. The link's title is user-configurable. So even if you hover the link, and the tooltip looks safe, the link might be malicious. The only way to be certain that the link is safe is to inspect the page's source.
- Carefully limit who has permissions to edit Kubernetes resource manifests (this is configured in RBAC for ArgoCD). The external-links are set as annotations on Kubernetes resources. Any persona with write access to resources managed by ArgoCD could be an actor.
References
Documentation for the external links feature
Credits
Disclosed by RyotaK (@Ry0taK)
For more information
- Open an issue in the Argo CD issue tracker or discussions
- Join us on Slack in channel #argo-cd
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "last_affected": "1.8.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/argoproj/argo-cd/v2" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.8.12" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-28175" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2024-03-15T19:46:21Z", "nvd_published_at": "2024-03-13T21:16:00Z", "severity": "CRITICAL" }, "details": "### Summary\n\nDue to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions.\n\n### Impact\n\nAll unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin).\n\nThis vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources.\n\n### Patches\nA patch for this vulnerability has been released in the following Argo CD versions:\n\n* v2.10.3\n* v2.9.8\n* v2.8.12\n\n### Workarounds\n\nThere are no completely-safe workarounds besides **upgrading**. The safest alternative, if upgrading is not possible, would be to create a [Kubernetes admission controller](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) to reject any resources with an annotation starting with `link.argocd.argoproj.io` or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.\n\n#### Mitigations\n\n1. Avoid clicking external links presented in the UI.\nThe link\u0027s title is user-configurable. So even if you hover the link, and the tooltip looks safe, the link might be malicious. The only way to be certain that the link is safe is to inspect the page\u0027s source.\n2. Carefully limit who has permissions to edit Kubernetes resource manifests (this is configured in [RBAC](https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/) for ArgoCD). \nThe external-links are set as annotations on Kubernetes resources. Any persona with write access to resources managed by ArgoCD could be an actor.\n\n### References\n[Documentation for the external links feature](https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/)\n\n### Credits\n\nDisclosed by [RyotaK](https://ryotak.net) (@Ry0taK)\n\n### For more information\n\n- Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n- Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd", "id": "GHSA-jwv5-8mqv-g387", "modified": "2024-05-20T22:06:33Z", "published": "2024-03-15T19:46:21Z", "references": [ { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28175" }, { "type": "WEB", "url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71" }, { "type": "PACKAGE", "url": "https://github.com/argoproj/argo-cd" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Cross-site scripting on application summary component" }
gsd-2024-28175
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-28175" ], "details": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.\n\n", "id": "GSD-2024-28175", "modified": "2024-03-08T06:02:46.543867Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-28175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "argo-cd", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 1.0.0, \u003c 2.8.12" }, { "version_affected": "=", "version_value": "\u003e= 2.9.0, \u003c 2.9.8" }, { "version_affected": "=", "version_value": "\u003e= 2.10.0, \u003c 2.10.3" } ] } } ] }, "vendor_name": "argoproj" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.\n\n" } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-79", "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" }, { "name": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71" } ] }, "source": { "advisory": "GHSA-jwv5-8mqv-g387", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim\u0027s permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.\n\n" }, { "lang": "es", "value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. Debido al filtrado inadecuado de los protocolos URL de los enlaces especificados en las anotaciones `link.argocd.argoproj.io` en el componente de resumen de la aplicaci\u00f3n, un atacante puede lograr Cross Site Scripting con permisos elevados. Todas las versiones sin parches de Argo CD que comienzan con v1.0.0 son vulnerables a un error de Cross Site Scripting (XSS) que permite a un usuario malintencionado inyectar un enlace javascript: en la interfaz de usuario. Cuando un usuario v\u00edctima hace clic en \u00e9l, el script se ejecutar\u00e1 con los permisos de la v\u00edctima (hasta administrador incluido). Esta vulnerabilidad permite a un atacante realizar acciones arbitrarias en nombre de la v\u00edctima a trav\u00e9s de la API, como crear, modificar y eliminar recursos de Kubernetes. Se lanz\u00f3 un parche para esta vulnerabilidad en las versiones de Argo CD v2.10.3 v2.9.8 y v2.8.12. No existen soluciones alternativas completamente seguras adem\u00e1s de actualizar. La alternativa m\u00e1s segura, si no es posible la actualizaci\u00f3n, ser\u00eda crear un controlador de admisi\u00f3n de Kubernetes para rechazar cualquier recurso con una anotaci\u00f3n que comience con link.argocd.argoproj.io o rechazar el recurso si el valor utiliza un protocolo URL inadecuado. Esta validaci\u00f3n deber\u00e1 aplicarse en todos los cl\u00fasteres gestionados por ArgoCD." } ], "id": "CVE-2024-28175", "lastModified": "2024-03-14T12:52:16.723", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-03-13T21:16:00.570", "references": [ { "source": "security-advisories@github.com", "url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71" }, { "source": "security-advisories@github.com", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
rhsa-2024_1346
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* Before this update, due to the improper filtering of URL protocols in the Argo CD application summary component, an attacker could achieve cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to v2.9.8 which has the fix applied and is therefore not vulnerable (CVE-2024-28175).", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1346", "url": "https://access.redhat.com/errata/RHSA-2024:1346" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/1.11/understanding_openshift_gitops/about-redhat-openshift-gitops.html", "url": "https://docs.openshift.com/gitops/1.11/understanding_openshift_gitops/about-redhat-openshift-gitops.html" }, { "category": "external", "summary": "2268518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268518" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1346.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-11-24T12:46:32+00:00", "generator": { "date": "2024-11-24T12:46:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:1346", "initial_release_date": "2024-03-16T00:33:34+00:00", "revision_history": [ { "date": "2024-03-16T00:33:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-03-16T00:33:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T12:46:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.11", "product": { "name": "Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.11::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.2-2" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.2-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.2-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.11.2-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.11.2-2" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64 as a component of Red Hat OpenShift GitOps 1.11", "product_id": "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64", "relates_to_product_reference": "8Base-GitOps-1.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28175", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268518" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD. Due to improper filtering of URL protocols in the application summary component, a remote attacker can execute a cross-site scripting (XSS) attack with privileges to edit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: XSS vulnerability in application summary component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28175" }, { "category": "external", "summary": "RHBZ#2268518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28175", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28175" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" } ], "release_date": "2024-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-16T00:33:34+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1346" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:7ade7c64aedd610fa822b8366522ac480e973bc84c73a2a03a68a78fbcd4f614_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:93769a67b9b6b8795a11f3e1c77ea8a41084f0aea164244d48cdecc7aef7ec46_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:963b67a8e1ec1b9f08a869a4233dc017ec57b50e083fe3434bf143789c58c5a6_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/argo-rollouts-rhel8@sha256:b3c2ce5bb5f18510cbec121264f167abd4ce3f2245640bfbc1dff42b093f2e4d_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:1a8e335f35cf56d858c92b03bf9f13e2ef3bd326a5155e022517130ee4fb2e44_s390x", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:5661b095173b6ac4e5933708a99ad74d671200e2790eccdc403cbc33ac0309ef_amd64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e4cb3df8c0b83ba2c8f56fa06754c2afb40c75382488d3b1e337ce4f1e45b0c6_arm64", "8Base-GitOps-1.11:openshift-gitops-1/argocd-rhel8@sha256:e82216628e8fe91dffaa78b0653b148e55035b459ca4c283a33f4439ce1edb3f_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:1681e954c99a358ae92d01a0e822068e5b1e0d390cd510a4a703140767a48e0d_s390x", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:2a18498dd55a7220a3cb95206cc200cec9c755c38736ad58f6e7e7b940869d4a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:8a400a97552170760891915c4855c9ae302c62588ad59a35c8aa2443f5482b0d_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/console-plugin-rhel8@sha256:fc0966ae2216547e28efc61461f37ec1320b06ff0c29f4f93150b0e2cd091e1d_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:57d8fa22347e327bb163fb0d7e3710f83f1b2dd248acd0be5f3d8562b55197bb_amd64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:5eccc3f29285dcbf796181cf9d29725d1be68d6f7ecc7e1152fe943708066505_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:797dbf9aa33b3b00cca9a0f31bebff7ab35dc1e5d1bfd99ebb0aa74b7550cad1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/dex-rhel8@sha256:f51071e02ac671512e0bc87a69a4247208ece219a671a6975a8b603689f16821_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-operator-bundle@sha256:32efac25ae3acebe9de6252c9ed46c3e8f3011bed3353b8ec6a88457a026d80a_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:2ed30e3026e13ca181a8c31dc760986b6b6183f3ac602ea7eeb88b180e80daa2_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:353368e67b2749bb0ec018cb0a5b3ae9d10881e7bc3a207dda43790b27e1dd5b_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:3e3bd3ff2f09371d3fdbad3468daadadb8f426a3210dcfbd4d5e17e071f68e06_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8-operator@sha256:f33126d9622317c68bff1b482ec97cdb8ab135168528740d3d7e1aa70c4daed2_amd64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:3b42204307b0f129ecca6160f1ef0fd076ae84493ab3bc22b11a80dbd7eab0c1_arm64", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:977be039dfe7e0b53fc984030eabe31d027cda5457955a9c78bfcf670fed3d75_s390x", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:b7d7a1090c008b96f4837062e5d44f1666a6181a96933d9de7d010a470e764af_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/gitops-rhel8@sha256:ba4bd092cd6712005677949f9369b53f089d68a7c1e8a28a4d0584d120eca039_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:517b591c2f38fd4d7b14d3dd957569b5b862d950552c96b7d7c3d4f30c0c3e1c_s390x", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:8bd3a68563363904ea589b23b71fb49bbf6264a632cfab20e792fdc119ff8981_amd64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:dc2d8ee2b6a5cb23a84b457fa8b2ec8512cb71ef8aec0f651924dab8b6702f2a_arm64", "8Base-GitOps-1.11:openshift-gitops-1/kam-delivery-rhel8@sha256:f51fd302417f7171ba723e0ea5df0305253a652e247b8737b60b465e3573a6e2_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:308dde69749187080fecd3d82aa4a08ed3ac1c9f4e98ef502b6f7afd9023e1ba_amd64", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:697ec831988f516a1387675acf0325a495af4cc4140ca5bf4698c51367e78ebd_s390x", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:96969f9e59b59364e239498d71b53d6faae74dabe9ea2ef5180d28833fbb6956_ppc64le", "8Base-GitOps-1.11:openshift-gitops-1/must-gather-rhel8@sha256:cad722d913cd44aceb3caa78b87477e3283e4ce9f1e90e5f74f4ddd74d89aeaf_arm64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argo-cd: XSS vulnerability in application summary component" } ] }
rhsa-2024_1345
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift GitOps 1.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* Before this update, due to the improper filtering of URL protocols in the Argo CD application summary component, an attacker could achieve cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to v2.8.12 which has the fix applied and is therefore not vulnerable (CVE-2024-28175)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1345", "url": "https://access.redhat.com/errata/RHSA-2024:1345" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html", "url": "https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html" }, { "category": "external", "summary": "2268518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268518" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1345.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift GitOps security update", "tracking": { "current_release_date": "2024-11-24T12:46:21+00:00", "generator": { "date": "2024-11-24T12:46:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:1345", "initial_release_date": "2024-03-15T17:29:47+00:00", "revision_history": [ { "date": "2024-03-15T17:29:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-03-15T17:29:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T12:46:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift GitOps 1.10", "product": { "name": "Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift GitOps" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64", "product": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64", "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.3-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64", "product_id": "openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.3-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x", "product_id": "openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.3-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "product": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "product_id": "openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le", "product": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le", "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le", "product_identification_helper": { "purl": "pkg:oci/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le", "product": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le", "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le", "product_identification_helper": { "purl": "pkg:oci/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le", "product": { "name": "openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le", "product_id": "openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le", "product": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le", "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le", "product": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le", "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le", "product_identification_helper": { "purl": "pkg:oci/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.10.3-2" } } }, { "category": "product_version", "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "product": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.10.3-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64" }, "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x" }, "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64" }, "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64" }, "product_reference": "openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64" }, "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64" }, "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64" }, "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le", "relates_to_product_reference": "8Base-GitOps-1.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64 as a component of Red Hat OpenShift GitOps 1.10", "product_id": "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64" }, "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64", "relates_to_product_reference": "8Base-GitOps-1.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28175", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-03-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268518" } ], "notes": [ { "category": "description", "text": "A flaw was found in Argo CD. Due to improper filtering of URL protocols in the application summary component, a remote attacker can execute a cross-site scripting (XSS) attack with privileges to edit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "argo-cd: XSS vulnerability in application summary component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64" ], "known_not_affected": [ "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:5a40902d458902970ce16354c5ddbe836267342ecf744fa91a0573a2b2d10137_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:b60a19a2fdb4cd62250379198b479fd27678cbee03ccca342c9adfce9c7a8b7c_s390x", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:ea49f6180d4745cae913a8a4afc8e1562cd305d013fe4dd146519caaafd77773_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argo-rollouts-rhel8@sha256:ec5a025c5f521427b6b351df83f84609dc613206fd7a425bb1c52db5bcaeabc5_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:0abc9616dacf980010d8e8a1afbfbe9f2f9c2a3f4a230b24882937a1db6ad727_s390x", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:224a675cee09ab390a5d142df02f3b1ac027e2b990c032bf952b2f19b4991876_amd64", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:5384fbff804b5695063fb86cd40b882a2445e97f3a5fbae76eb7519acae8b373_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/console-plugin-rhel8@sha256:69384801212a7078e828b4c1607c5090353574c3cac15e19d45b9a3cd60b8041_arm64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:0d15d2a8e2f914074f045eb53cd67f5f0a64221fb10abae399dedff15950d130_s390x", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:14f25329da45fbcce1e51a2c170080e43d87d551a810c4d7e790c763b7988d68_arm64", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:24b016e044c96505be199ea2c748adcc18cd2dad34b2dd1b894e8a46bd5d08d2_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/dex-rhel8@sha256:56d88fa414e3313d228061d6a646b2003d4c2272d98cfbac76e7e7823154ba5e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-operator-bundle@sha256:e2f3dd4c2fd8f4b96cc52a16bd5f8612ae50286f1f828e3046803132827a744e_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:280887260b20b2b96395c238b590985404e9dbd4340f840825c7383bdc1423ed_amd64", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:897dcf18c3658660e8b8f2de951b32c7d3ebfc496fb59304202555a899bfa328_s390x", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:b445dbdbd289ce4ac89d4693a565ebdaaa37f3e6eb5148a8d8d2a562f5a305f2_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/kam-delivery-rhel8@sha256:c01da53b5844d5403f42a7fd2653e8b2e991ed4140bd85ec17a07df077e06768_arm64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:380a980bceef989a0966b1e68df9eaa8ed068cc5f4cc0a2d1ad56e6e26fa26f8_s390x", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:7d32bfb51fe6b6f73209446b1387036c2453b4a185695149f69bf01c63e3b4e7_amd64", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:b4dda67dbc043aa90e5c10a7eb479eb0c5292d4f855316791280bc54dae97761_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/must-gather-rhel8@sha256:dcd541930817cb186c98e28d6cd19d6718be1b5ee887326bf423524a71c30a80_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28175" }, { "category": "external", "summary": "RHBZ#2268518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28175", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28175" }, { "category": "external", "summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387" } ], "release_date": "2024-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-15T17:29:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1345" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H", "version": "3.1" }, "products": [ "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:06b3f1d7954bb4bf996a4e322a88dcf34be9e0dc5c9460921042d24702cf9273_arm64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:5bd431935a0f74050413b7f08261e11865e7d8d003f3c5031bfbef67169fec6d_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:7cb494d99634885e90b74a6c0a34ed3334080d9c07eea6aed5391c70f91fcf98_amd64", "8Base-GitOps-1.10:openshift-gitops-1/argocd-rhel8@sha256:a66d01c15bcfeee90db04b8bdaabdfa995f80fd90d6e6d6397562c9afeffc39a_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:23fa0c400b43aeee323ea4bd0b33bfc183bfa1c9d47fe9221cc576e228855afb_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:5b3a993c39b2256cdd11ca1dca87713271f49fe07d630f872582388e5132c454_arm64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:84e0f709503a4e361f58a1e195e13d9cd18bd9fd12468c18a262af2f259314e4_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8-operator@sha256:9f706db14cd4782e5e84cee8c6772db7f6b52fb53e1c825f35875c202dfff537_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:1f18050d0e9c10388d6361f9514f8db9b5fdaaf1edafd2a5809e9e816ed64c4b_amd64", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:ab302c79427c6750450a3ec41c783bf343ddd396ddd947af6757466ee2b7ec62_ppc64le", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:adc811bd291f1c55a72c197e39533d70574e1d20118a969ecb76afe5a03b7205_s390x", "8Base-GitOps-1.10:openshift-gitops-1/gitops-rhel8@sha256:d416b2f0ea3b69436e418d9ea4478cf40482c08a89f970c11b85d418453ec0f5_arm64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "argo-cd: XSS vulnerability in application summary component" } ] }
wid-sec-w-2024-0647
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0647 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0647.json" }, { "category": "self", "summary": "WID-SEC-2024-0647 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0647" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-03-17", "url": "https://access.redhat.com/errata/RHSA-2024:1345" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-03-17", "url": "https://access.redhat.com/errata/RHSA-2024:1346" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1441 vom 2024-03-20", "url": "https://access.redhat.com/errata/RHSA-2024:1441" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Schwachstelle erm\u00f6glicht Cross-Site Scripting", "tracking": { "current_release_date": "2024-11-24T23:00:00.000+00:00", "generator": { "date": "2024-11-25T09:15:34.817+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-0647", "initial_release_date": "2024-03-17T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-19T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-11-24T23:00:00.000+00:00", "number": "3", "summary": "Produktzuordnung \u00fcberpr\u00fcft" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "GitOps \u003c1.10", "product": { "name": "Red Hat OpenShift GitOps \u003c1.10", "product_id": "T030178" } }, { "category": "product_version", "name": "GitOps 1.10", "product": { "name": "Red Hat OpenShift GitOps 1.10", "product_id": "T030178-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops__1.10" } } }, { "category": "product_version_range", "name": "GitOps \u003c1.11", "product": { "name": "Red Hat OpenShift GitOps \u003c1.11", "product_id": "T033625" } }, { "category": "product_version", "name": "GitOps 1.11", "product": { "name": "Red Hat OpenShift GitOps 1.11", "product_id": "T033625-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops__1.11" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28175", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentifiziert Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T030178", "67646", "T033625" ] }, "release_date": "2024-03-17T23:00:00.000+00:00", "title": "CVE-2024-28175" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.