Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-68156 (GCVE-0-2025-68156)
Vulnerability from cvelistv5 – Published: 2025-12-16 18:24 – Updated: 2025-12-16 19:59
VLAI?
EPSS
Title
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Summary
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the
evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:58:48.969218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:59:24.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "expr",
"vendor": "expr-lang",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:24:11.648Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
},
{
"name": "https://github.com/expr-lang/expr/pull/870",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/expr-lang/expr/pull/870"
}
],
"source": {
"advisory": "GHSA-cfpf-hrx2-8rv6",
"discovery": "UNKNOWN"
},
"title": "Expr has Denial of Service via Unbounded Recursion in Builtin Functions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68156",
"datePublished": "2025-12-16T18:24:11.648Z",
"dateReserved": "2025-12-15T23:02:17.604Z",
"dateUpdated": "2025-12-16T19:59:24.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68156\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-16T19:16:00.567\",\"lastModified\":\"2025-12-18T15:08:06.237\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://github.com/expr-lang/expr/pull/870\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-16T19:58:48.969218Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-16T19:59:13.480Z\"}}], \"cna\": {\"title\": \"Expr has Denial of Service via Unbounded Recursion in Builtin Functions\", \"source\": {\"advisory\": \"GHSA-cfpf-hrx2-8rv6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"expr-lang\", \"product\": \"expr\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.17.7\"}]}], \"references\": [{\"url\": \"https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6\", \"name\": \"https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/expr-lang/expr/pull/870\", \"name\": \"https://github.com/expr-lang/expr/pull/870\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-16T18:24:11.648Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T19:59:24.007Z\", \"dateReserved\": \"2025-12-15T23:02:17.604Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-16T18:24:11.648Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:23664
Vulnerability from csaf_redhat - Published: 2025-12-18 18:53 - Updated: 2026-01-22 22:23Summary
Red Hat Security Advisory: opentelemetry-collector security update
Notes
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collector with the supported components for a Red Hat build of OpenTelemetry\n\nSecurity Fix(es):\n\n* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23664",
"url": "https://access.redhat.com/errata/RHSA-2025:23664"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23664.json"
}
],
"title": "Red Hat Security Advisory: opentelemetry-collector security update",
"tracking": {
"current_release_date": "2026-01-22T22:23:28+00:00",
"generator": {
"date": "2026-01-22T22:23:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2025:23664",
"initial_release_date": "2025-12-18T18:53:08+00:00",
"revision_history": [
{
"date": "2025-12-18T18:53:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-18T18:53:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-22T22:23:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.src",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.src",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.x86_64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.x86_64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.aarch64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.s390x"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.src"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.x86_64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.src",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-18T18:53:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.src",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23664"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.src",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.aarch64",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.s390x",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.src",
"AppStream-10.1.Z:opentelemetry-collector-0:0.135.0-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2026:0514
Vulnerability from csaf_redhat - Published: 2026-01-13 16:21 - Updated: 2026-01-22 22:23Summary
Red Hat Security Advisory: opentelemetry-collector security update
Notes
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collector with the supported components for a Red Hat build of OpenTelemetry\n\nSecurity Fix(es):\n\n* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0514",
"url": "https://access.redhat.com/errata/RHSA-2026:0514"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0514.json"
}
],
"title": "Red Hat Security Advisory: opentelemetry-collector security update",
"tracking": {
"current_release_date": "2026-01-22T22:23:31+00:00",
"generator": {
"date": "2026-01-22T22:23:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0514",
"initial_release_date": "2026-01-13T16:21:59+00:00",
"revision_history": [
{
"date": "2026-01-13T16:21:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-13T16:21:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-22T22:23:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.src",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.src",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.x86_64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.x86_64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.aarch64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.s390x"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.src"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.x86_64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.src",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:21:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.src",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0514"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.src",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.src",
"AppStream-10.0.Z.E2S:opentelemetry-collector-0:0.135.0-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2026:1018
Vulnerability from csaf_redhat - Published: 2026-01-22 15:52 - Updated: 2026-01-23 14:04Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update
Notes
Topic
Important: Red Hat OpenShift GitOps v1.17.4 security update
Details
An update is now available for Red Hat OpenShift GitOps.
Bug Fix(es) and Enhancement(s):
* GITOPS-8231 (CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.17])
* GITOPS-8233 (CVE-2025-47913 openshift-gitops-1/argocd-rhel9: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.17])
* GITOPS-8078 (CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.17])
* GITOPS-8081 (CVE-2025-58183 openshift-gitops-1/dex-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.17])
* GITOPS-7753 (CVE-2025-58754 openshift-gitops-1/argocd-extensions-rhel8: Axios DoS via lack of data size check [gitops-1.17])
* GITOPS-8511 (CVE-2025-68156 openshift-gitops-1/argocd-rhel8: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.17])
* GITOPS-8512 (CVE-2025-68156 openshift-gitops-1/argocd-rhel9: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.17])
* GITOPS-7568 (ignoreDifferences setting is not honored for OAuthClient resource)
* GITOPS-7992 (openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition)
* GITOPS-8225 (RC 1.19.0-2 : haproxy replica remains 1 with HA upgrade)
* GITOPS-8411 (CVE-2025-55190 still blocking due to github.com/argoproj/argo-cd/v2@v2.14.11 in gitops-rhel8:v1.18.1)
* GITOPS-8591 (Reciving TargetDown after upgrading GitOps )
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Red Hat OpenShift GitOps v1.17.4 security update",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Red Hat OpenShift GitOps.\nBug Fix(es) and Enhancement(s):\n* GITOPS-8231 (CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.17])\n* GITOPS-8233 (CVE-2025-47913 openshift-gitops-1/argocd-rhel9: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.17])\n* GITOPS-8078 (CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.17])\n* GITOPS-8081 (CVE-2025-58183 openshift-gitops-1/dex-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.17])\n* GITOPS-7753 (CVE-2025-58754 openshift-gitops-1/argocd-extensions-rhel8: Axios DoS via lack of data size check [gitops-1.17])\n* GITOPS-8511 (CVE-2025-68156 openshift-gitops-1/argocd-rhel8: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.17])\n* GITOPS-8512 (CVE-2025-68156 openshift-gitops-1/argocd-rhel9: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.17])\n* GITOPS-7568 (ignoreDifferences setting is not honored for OAuthClient resource)\n* GITOPS-7992 (openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition)\n* GITOPS-8225 (RC 1.19.0-2 : haproxy replica remains 1 with HA upgrade)\n* GITOPS-8411 (CVE-2025-55190 still blocking due to github.com/argoproj/argo-cd/v2@v2.14.11 in gitops-rhel8:v1.18.1)\n* GITOPS-8591 (Reciving TargetDown after upgrading GitOps )",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1018",
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55190",
"url": "https://access.redhat.com/security/cve/CVE-2025-55190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.17/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.17/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1018.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update",
"tracking": {
"current_release_date": "2026-01-23T14:04:05+00:00",
"generator": {
"date": "2026-01-23T14:04:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2026:1018",
"initial_release_date": "2026-01-22T15:52:24+00:00",
"revision_history": [
{
"date": "2026-01-22T15:52:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-23T04:51:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-23T14:04:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.17",
"product": {
"name": "Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.17::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3Ac1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3Af5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824532"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Af626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824983"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3Ab5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825799"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3Ad12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3A1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256%3A710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768828150"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3Ae76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824197"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3A1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3Aa922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824532"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3A54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824983"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3Ac89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825799"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3Ac8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Abc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824197"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3A0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824532"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Acf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824983"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825799"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3Ae7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Ac8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824197"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3A7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824532"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3A81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824983"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825799"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3A4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768825193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3Adab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768824197"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64 as a component of Red Hat OpenShift GitOps 1.17",
"product_id": "Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:52:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-55190",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2025-08-21T07:09:49.658000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390026"
}
],
"notes": [
{
"category": "description",
"text": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-cd: Project API Token Exposes Repository Credentials",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has Important impact as exploitation requires some privileges granted by the system. An attacker would either need the ability to create an API token (via having valid login credentials) or to have stolen an API token from a legitimate user. It does not grant full control over the system, attackers can only tamper with the project(s) associated with an API token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55190"
},
{
"category": "external",
"summary": "RHBZ#2390026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff"
}
],
"release_date": "2025-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:52:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-cd: Project API Token Exposes Repository Credentials"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:52:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:52:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:52:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:52:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:04a0309f1ea64b27a03d51ed435e3ba03b9b1c00f92ef1d136db7873be49bf6c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:42bcfb29916b6c0ed25625841c9dd483b1a36cd978c6815a2969a794417474b0_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:5cd9912e51ffea57bad97d8d725cd6210c0ba43d41d6a11c67b03d7e8807a1b4_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:c1061a246650fe9735d3c5b439fb81e859e5badcd69c4ea241204287e14ec802_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:38252c3097bc6ac5971aff8ca9c9280a5569b8824a96034cddeff4a2feed9354_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:8a07b1dcc21b99093a21936da2959f4ff9dbe9b2a138609594ec1cbfab06d096_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a922ecfd9f8d0cbc42897871235789c5f60dfeef43487697152acd492da2ba52_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:6dbc097f05deedeb5a1242bcbbbd71a32f7280e60d65ba0773b36f83b98bcd31_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:752863bfda3f6021ffbb356696049b7983dec9556da06f2c5e653fa9244a2b25_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:95db3bb5baeea65a0304c1701ae7f84b9431fc1f13f7c18085abc82d5a7eace1_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0afd39c2275c46025cee7518d62cc3a26441758f9315e864d25f8b78a5e464f4_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1f93ea9508e4f1a9c54158d8fa6a0dc7babb65fcbd606c3474fd953fc80e95c9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:7bec6ba526ade9f626672e69d9b4a22df5a4d5d6b65a3d7fd681055968e85db8_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f5b3f576f18c0687c5cb757d8c7420ca883033975b906cd2c6fabace582a7fdd_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2946fd417176936f3339cbbb3597d45f586357e68810d8449e716fb827f5debb_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:8019ec0d2ecc069941d771369cd072c656532aa7bff4a15ba0f62e4d0545992e_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:80f845196a254e186385aa8c0217bfd857a1832357bc309875b6b82a835eadee_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:54cf6dad43d830b530b6554c25f24b23be3bb51fc9436b20fc4c75fa03665b84_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:81f57cf09f298ba6436d9f3236d53210de456b8b1e54b565788b15b7a9d48411_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:cf87bc59b51519af1fb349291dc6e0e346c22db132ab8ed2b0efd49e2a1f9775_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:f626986471cf481e3101377242474d3904439fa12ed45b9dd49cb1d369390c65_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:072fc7738b1bd7fdfacc99eafc7fe55dfa3ebfb79466f255401b821391667971_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:495cfc1e0b1112d6d534baacda0d5591b67af1123b7099a65514365226b8874d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b5ef707dee8e0098612e5117b8e5baaebb959c75a0416624d727dd44106c401b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:c89915b32d7812867b049c754480667c6218738d81fceb7012a615928508d62d_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:710f6fe3896177cae0d900643b7147d11410e5e58ee012e139fbeee308ee297b_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:1fdc8378e3f67e274146571a566c49a99069964e167e7915fa078d508cedf388_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4a9f42b315becd846787de8798c2bb85d3a2bf607dacd85a18976fa16c00302d_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:bc068cd4d0d2a6c9bae530b3343cfc31ff19e109b70021ef260bb87548a9c1b9_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:c8cca109f73568bd4331ecab567ba39a5d016bfd249bc6e62c79eb903df7f77d_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:809292e8911468c8b463736793bc42adb6e9d886d7a3a3452706668091f22b20_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:c8c274929641a8ddcbd8045daee04d1cc4f361acd4e9891b43718acef88ea842_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:d12e12f7aa0f40272033174000422448695ccaa5f5331624144be0506e3f2475_amd64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:e7a5ca5641b9c72d42b39b087a9277183a2767e326914ea0441ce5904a77b44f_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:3a7697e1f5e899b15e86d98c813857a5513055dbb8202f082ebcd1c1e91e7e2c_ppc64le",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:8d10a7ccbb3ef67f3f5ad3f4dd77927a6ab15b7bdb78cf821ee764f967adcdc2_arm64",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:dab0ffcf048536d127483cce2042665a687086d72ce420ecca6dba3e3787f339_s390x",
"Red Hat OpenShift GitOps 1.17:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:e76acb4eff779bd17f575e3535cf8be658205fe1e7bc14c67a4f26110c4f8c5f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2025:23729
Vulnerability from csaf_redhat - Published: 2025-12-22 00:22 - Updated: 2026-01-22 22:23Summary
Red Hat Security Advisory: opentelemetry-collector security update
Notes
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collector with the supported components for a Red Hat build of OpenTelemetry\n\nSecurity Fix(es):\n\n* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23729",
"url": "https://access.redhat.com/errata/RHSA-2025:23729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23729.json"
}
],
"title": "Red Hat Security Advisory: opentelemetry-collector security update",
"tracking": {
"current_release_date": "2026-01-22T22:23:29+00:00",
"generator": {
"date": "2026-01-22T22:23:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2025:23729",
"initial_release_date": "2025-12-22T00:22:42+00:00",
"revision_history": [
{
"date": "2025-12-22T00:22:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-22T00:22:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-22T22:23:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.src",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.src",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.x86_64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.x86_64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.aarch64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.s390x"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.src"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.x86_64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T00:22:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23729"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:opentelemetry-collector-0:0.135.0-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2026:1017
Vulnerability from csaf_redhat - Published: 2026-01-22 15:47 - Updated: 2026-01-23 14:04Summary
Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.3 security update
Notes
Topic
Important: Red Hat OpenShift GitOps v1.18.3 security update
Details
An update is now available for Red Hat OpenShift GitOps.
Bug Fix(es) and Enhancement(s):
* GITOPS-8239 (CVE-2025-47913 openshift-gitops-1/gitops-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.18])
* GITOPS-8079 (CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.18])
* GITOPS-8082 (CVE-2025-58183 openshift-gitops-1/dex-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.18])
* GITOPS-8522 (CVE-2025-68156 openshift-gitops-1/argocd-rhel8: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.18])
* GITOPS-8523 (CVE-2025-68156 openshift-gitops-1/argocd-rhel9: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.18])
* GITOPS-7849 (Cherry pick Repo Type Fix to Argo CD 3.1 stream)
* GITOPS-7992 (openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition)
* GITOPS-8225 (RC 1.19.0-2 : haproxy replica remains 1 with HA upgrade)
* GITOPS-8249 (Prevent argoCD from automatically refreshing to gitops repository )
* GITOPS-8411 (CVE-2025-55190 still blocking due to github.com/argoproj/argo-cd/v2@v2.14.11 in gitops-rhel8:v1.18.1)
* GITOPS-8535 (Show All Namespaces or Current Namespace Only option)
* GITOPS-8591 (Reciving TargetDown after upgrading GitOps )
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Red Hat OpenShift GitOps v1.18.3 security update",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Red Hat OpenShift GitOps.\nBug Fix(es) and Enhancement(s):\n* GITOPS-8239 (CVE-2025-47913 openshift-gitops-1/gitops-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.18])\n* GITOPS-8079 (CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.18])\n* GITOPS-8082 (CVE-2025-58183 openshift-gitops-1/dex-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.18])\n* GITOPS-8522 (CVE-2025-68156 openshift-gitops-1/argocd-rhel8: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.18])\n* GITOPS-8523 (CVE-2025-68156 openshift-gitops-1/argocd-rhel9: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.18])\n* GITOPS-7849 (Cherry pick Repo Type Fix to Argo CD 3.1 stream)\n* GITOPS-7992 (openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition)\n* GITOPS-8225 (RC 1.19.0-2 : haproxy replica remains 1 with HA upgrade)\n* GITOPS-8249 (Prevent argoCD from automatically refreshing to gitops repository )\n* GITOPS-8411 (CVE-2025-55190 still blocking due to github.com/argoproj/argo-cd/v2@v2.14.11 in gitops-rhel8:v1.18.1)\n* GITOPS-8535 (Show All Namespaces or Current Namespace Only option)\n* GITOPS-8591 (Reciving TargetDown after upgrading GitOps )",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1017",
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13888",
"url": "https://access.redhat.com/security/cve/CVE-2025-13888"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55190",
"url": "https://access.redhat.com/security/cve/CVE-2025-55190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.18/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.18/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1017.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.3 security update",
"tracking": {
"current_release_date": "2026-01-23T14:04:08+00:00",
"generator": {
"date": "2026-01-23T14:04:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2026:1017",
"initial_release_date": "2026-01-22T15:47:03+00:00",
"revision_history": [
{
"date": "2026-01-22T15:47:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-23T04:51:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-23T14:04:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.18",
"product": {
"name": "Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.18::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3Addc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3A1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880997"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Aae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3Aed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881034"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3A3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881033"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256%3Aa4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768883693"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880947"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3Ad529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3A0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880997"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3A6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3Aa0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881034"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3A10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881033"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880947"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3Af87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3Af8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3Aa621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880997"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Ab6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3Aab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881034"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3A43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881033"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880947"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3Aa333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3Aa6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880997"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Abca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768882258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881034"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Ae73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768881033"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3Ade7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1\u0026tag=1768880947"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64 as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x as a component of Red Hat OpenShift GitOps 1.18",
"product_id": "Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13888",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2025-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418361"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as Important instead of Critical. While full cluster compromise is possible, it requires the attacker to already possess authenticated namespace administrator credentials, reducing the attack surface to authorized internal users rather than external attackers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13888"
},
{
"category": "external",
"summary": "RHBZ#2418361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13888"
},
{
"category": "external",
"summary": "https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef",
"url": "https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef"
},
{
"category": "external",
"summary": "https://github.com/redhat-developer/gitops-operator/pull/897",
"url": "https://github.com/redhat-developer/gitops-operator/pull/897"
},
{
"category": "external",
"summary": "https://github.com/redhat-developer/gitops-operator/releases/tag/v1.16.2",
"url": "https://github.com/redhat-developer/gitops-operator/releases/tag/v1.16.2"
}
],
"release_date": "2025-12-15T13:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:47:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openshift-gitops-operator: OpenShift GitOps: Namespace Admin Cluster Takeover via Privileged Jobs"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:47:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-55190",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2025-08-21T07:09:49.658000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390026"
}
],
"notes": [
{
"category": "description",
"text": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-cd: Project API Token Exposes Repository Credentials",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has Important impact as exploitation requires some privileges granted by the system. An attacker would either need the ability to create an API token (via having valid login credentials) or to have stolen an API token from a legitimate user. It does not grant full control over the system, attackers can only tamper with the project(s) associated with an API token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55190"
},
{
"category": "external",
"summary": "RHBZ#2390026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff"
}
],
"release_date": "2025-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:47:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-cd: Project API Token Exposes Repository Credentials"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:47:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:47:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T15:47:03+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:58b596569b8de68d7474d949fd30d9a1666f1f08ea81e8264b9132263b61377b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:d529b4bbae3cfcf25ea91a29d3c9eb701ef6a3a54e6e0c0117c649f3e4dbe2dc_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:ddc27dbea59c611ffb5394114a6c754397cc0032ba3487a3f03041ed34cfce30_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:f87ac5bb84230c4c34f5404adbc45347a295fb1e60095c2e4ad1e0ea126382b5_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:32ae33eb3d84b30020cb6732e5c84f76cbd2de6abdd7b42e72be887015c49d35_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a6141b3b5508dc9690ae15ebc3efd33a3fc71382a7dd449a954ffe181f8cd138_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:a621f4cfd83907d57317ce941f470ba4b0fb5d599aab38db936e591dde426404_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:0330e4aab6eb9d7c54417d2a6c5aaf959319eb1c811ab91085570295dc19b258_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:259bb75abc6b464d9badf8b110ab239232152010ada0c407241fab47ecbbae6e_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:571c6d9d4e84c6fcd278e13f15e71b527b618ac7d98c477c516d91e0097ba40c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:8286093133d109fe0d852491fda66c66d893527f3364c587b6d09823088bcba6_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:0eb572fc96ae2e1973ce43515f03121965600bb09ef0b995eb467f5965c2246c_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:1438757fd131c12d8ae3a1edb5757bc63114b882d00563be2857917611008418_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a333f6b8ae405b22c746a02bd38a125753a347e7e2c352ec690fa97388b3a40b_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:f8d8f51bd4aeba9dcfd4edad0720410d289ac0e7a2642c90128d506d69d42c77_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:0f883371ffee9d87547a4dc9524a35c5e6cce840a722bf3a01b1be3c1396fdb1_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:6e8d1e3c7bee9c2c2bee357af24bae34510fe6b87075b98f5be34e41dd70d152_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:779c33c3679e47ebca0af343ba6e26d2723cfc9affdcee4df54078ef68278016_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:88d55cc7ec87db114cc60c9c7a67e9c6a69aae69c30a6c076bd94f239a84498c_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:6f16630ff37a5e18b5f8eee782edd6ada351a60b41fdab1bbfda27ebb297135a_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:ae7a2d5c703f6caa7d4facffe3c141bed9739b88967f5a832cf9005b2f815561_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b6c961fab1178fcc25126ac214d0a7e15bf5738291e2e16c4e05ec320e54fcca_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bca47a6bb7edb70b24927ea02484c91bc4ce35cc8ebb24f5d68cb28193e77fda_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:792cbe51a6e0f80d9a97b5a6a538a36f756467624144ad3af2c2da53f85db68c_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:a0236e0cf364d15553a77f0c12f8f8c0bb12ebf2c49c43c68da4f3f28b93e781_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ab7de39ebdcc363fe61d919ebf430d6e533ddc108075c19f9c9e6d71938bfd6e_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:ed37ac2ef10a9107672556fe62e19020d470745a0ec04378ed840949c49a6234_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:a4e9887db8647c4e958df4725f08340a9c6a462cd18fd2bf9c9f1fc939649740_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:10aa721d5a3c55fad979603898fa3b5d504c4911559b8615edfce9a5d0653ff0_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:3cde1fe9926ec2d6d7618cee7a053b1f66c8ebe1a5f6d9e097914b3d3d6f8ca1_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e73fa4b644e17e520cc9836d4b235a5ae02e10a6a21addc2ae959832d4e08143_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1992f4b3414b6955295827e06e8e5e635f754eb3e0b52ca181e80add613d1ba4_s390x",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1cbde70be8f1035b0f45b02e0663c28aa444ea5bc2c8bca580ff164dcfff4196_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:7fbb7d98b130e1dc6c9f5f440244a05bff22e34ab70f5e57e45d4b70e4e3f8da_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:853107e7329e189ded3fc5ca657366e27010f468b1be813264efd9e2cf90c906_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:376ef09554debe6042424f2b4464922cf1aeb14d801fea5c81900d24ce028a39_ppc64le",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4bb1a9bd246dac5d17ea6bb1556d7ebb87e794369f75913d3d197d2c55a48015_amd64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:54a92917be83722915ce05181652988342015eeb3e54fa3b4dd226d6fd493ccd_arm64",
"Red Hat OpenShift GitOps 1.18:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de7cde72fcb72eccc9f5ea89eed7094e4c976c3e331c48ef450339323a326da1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2026:0513
Vulnerability from csaf_redhat - Published: 2026-01-13 16:33 - Updated: 2026-01-22 22:23Summary
Red Hat Security Advisory: opentelemetry-collector security update
Notes
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collector with the supported components for a Red Hat build of OpenTelemetry\n\nSecurity Fix(es):\n\n* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0513",
"url": "https://access.redhat.com/errata/RHSA-2026:0513"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0513.json"
}
],
"title": "Red Hat Security Advisory: opentelemetry-collector security update",
"tracking": {
"current_release_date": "2026-01-22T22:23:32+00:00",
"generator": {
"date": "2026-01-22T22:23:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0513",
"initial_release_date": "2026-01-13T16:33:48+00:00",
"revision_history": [
{
"date": "2026-01-13T16:33:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-13T16:33:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-22T22:23:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.src",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.src",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.x86_64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.x86_64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.aarch64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.s390x"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.src"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.x86_64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:33:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0513"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.src",
"AppStream-9.6.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2026:0512
Vulnerability from csaf_redhat - Published: 2026-01-13 16:29 - Updated: 2026-01-22 22:23Summary
Red Hat Security Advisory: opentelemetry-collector security update
Notes
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collector with the supported components for a Red Hat build of OpenTelemetry\n\nSecurity Fix(es):\n\n* github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0512",
"url": "https://access.redhat.com/errata/RHSA-2026:0512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0512.json"
}
],
"title": "Red Hat Security Advisory: opentelemetry-collector security update",
"tracking": {
"current_release_date": "2026-01-22T22:23:30+00:00",
"generator": {
"date": "2026-01-22T22:23:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0512",
"initial_release_date": "2026-01-13T16:29:33+00:00",
"revision_history": [
{
"date": "2026-01-13T16:29:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-13T16:29:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-22T22:23:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.x86_64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.x86_64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.src",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.src",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"product": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"product_id": "opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opentelemetry-collector@0.135.0-2.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.aarch64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.s390x"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.src"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentelemetry-collector-0:0.135.0-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.x86_64"
},
"product_reference": "opentelemetry-collector-0:0.135.0-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.src",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:29:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.src",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0512"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.src",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.src",
"AppStream-9.4.0.Z.EUS:opentelemetry-collector-0:0.135.0-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
OPENSUSE-SU-2025:15832-1
Vulnerability from csaf_opensuse - Published: 2025-12-19 00:00 - Updated: 2025-12-19 00:00Summary
coredns-for-k8s1.35-1.13.1-2.1 on GA media
Notes
Title of the patch
coredns-for-k8s1.35-1.13.1-2.1 on GA media
Description of the patch
These are all security issues fixed in the coredns-for-k8s1.35-1.13.1-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15832
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "coredns-for-k8s1.35-1.13.1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the coredns-for-k8s1.35-1.13.1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15832",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15832-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
}
],
"title": "coredns-for-k8s1.35-1.13.1-2.1 on GA media",
"tracking": {
"current_release_date": "2025-12-19T00:00:00Z",
"generator": {
"date": "2025-12-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15832-1",
"initial_release_date": "2025-12-19T00:00:00Z",
"revision_history": [
{
"date": "2025-12-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-for-k8s1.35-1.13.1-2.1.aarch64",
"product": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.aarch64",
"product_id": "coredns-for-k8s1.35-1.13.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64",
"product": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64",
"product_id": "coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-for-k8s1.35-1.13.1-2.1.ppc64le",
"product": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.ppc64le",
"product_id": "coredns-for-k8s1.35-1.13.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le",
"product": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le",
"product_id": "coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-for-k8s1.35-1.13.1-2.1.s390x",
"product": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.s390x",
"product_id": "coredns-for-k8s1.35-1.13.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.s390x",
"product": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.s390x",
"product_id": "coredns-for-k8s1.35-extras-1.13.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-for-k8s1.35-1.13.1-2.1.x86_64",
"product": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.x86_64",
"product_id": "coredns-for-k8s1.35-1.13.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64",
"product": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64",
"product_id": "coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.aarch64"
},
"product_reference": "coredns-for-k8s1.35-1.13.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.ppc64le"
},
"product_reference": "coredns-for-k8s1.35-1.13.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.s390x"
},
"product_reference": "coredns-for-k8s1.35-1.13.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-1.13.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.x86_64"
},
"product_reference": "coredns-for-k8s1.35-1.13.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64"
},
"product_reference": "coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le"
},
"product_reference": "coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.s390x"
},
"product_reference": "coredns-for-k8s1.35-extras-1.13.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64"
},
"product_reference": "coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.aarch64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.s390x",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.x86_64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.s390x",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.aarch64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.s390x",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.x86_64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.s390x",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.aarch64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.s390x",
"openSUSE Tumbleweed:coredns-for-k8s1.35-1.13.1-2.1.x86_64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.aarch64",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.s390x",
"openSUSE Tumbleweed:coredns-for-k8s1.35-extras-1.13.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
}
]
}
OPENSUSE-SU-2026:10021-1
Vulnerability from csaf_opensuse - Published: 2026-01-09 00:00 - Updated: 2026-01-09 00:00Summary
coredns-1.14.0-1.1 on GA media
Notes
Title of the patch
coredns-1.14.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the coredns-1.14.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2026-10021
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "coredns-1.14.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the coredns-1.14.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10021",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10021-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
}
],
"title": "coredns-1.14.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-09T00:00:00Z",
"generator": {
"date": "2026-01-09T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10021-1",
"initial_release_date": "2026-01-09T00:00:00Z",
"revision_history": [
{
"date": "2026-01-09T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-1.1.aarch64",
"product": {
"name": "coredns-1.14.0-1.1.aarch64",
"product_id": "coredns-1.14.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.0-1.1.aarch64",
"product": {
"name": "coredns-extras-1.14.0-1.1.aarch64",
"product_id": "coredns-extras-1.14.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-1.1.ppc64le",
"product": {
"name": "coredns-1.14.0-1.1.ppc64le",
"product_id": "coredns-1.14.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.0-1.1.ppc64le",
"product": {
"name": "coredns-extras-1.14.0-1.1.ppc64le",
"product_id": "coredns-extras-1.14.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-1.1.s390x",
"product": {
"name": "coredns-1.14.0-1.1.s390x",
"product_id": "coredns-1.14.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.0-1.1.s390x",
"product": {
"name": "coredns-extras-1.14.0-1.1.s390x",
"product_id": "coredns-extras-1.14.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-1.1.x86_64",
"product": {
"name": "coredns-1.14.0-1.1.x86_64",
"product_id": "coredns-1.14.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.0-1.1.x86_64",
"product": {
"name": "coredns-extras-1.14.0-1.1.x86_64",
"product_id": "coredns-extras-1.14.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.0-1.1.aarch64"
},
"product_reference": "coredns-1.14.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.0-1.1.ppc64le"
},
"product_reference": "coredns-1.14.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.0-1.1.s390x"
},
"product_reference": "coredns-1.14.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.0-1.1.x86_64"
},
"product_reference": "coredns-1.14.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.aarch64"
},
"product_reference": "coredns-extras-1.14.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.ppc64le"
},
"product_reference": "coredns-extras-1.14.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.s390x"
},
"product_reference": "coredns-extras-1.14.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.x86_64"
},
"product_reference": "coredns-extras-1.14.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-1.14.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-1.14.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:coredns-1.14.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
}
]
}
FKIE_CVE-2025-68156
Vulnerability from fkie_nvd - Published: 2025-12-16 19:16 - Updated: 2025-12-18 15:08
Severity ?
Summary
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the
evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch."
}
],
"id": "CVE-2025-68156",
"lastModified": "2025-12-18T15:08:06.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-16T19:16:00.567",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-CFPF-HRX2-8RV6
Vulnerability from github – Published: 2025-12-16 22:34 – Updated: 2025-12-16 22:34
VLAI?
Summary
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Details
Several builtin functions in Expr, including flatten, min, max, mean, and median, perform
recursive traversal over user-provided data structures without enforcing a maximum recursion depth.
If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash.
While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly.
Impact
In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion.
This issue is most relevant in scenarios where:
- Expr is used to evaluate expressions against externally supplied or dynamically constructed environments.
- Cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs.
- There are no application-level safeguards preventing deeply nested input data.
In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service.
Patches
The issue has been fixed in the v1.17.7 versions of Expr.
The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking.
Additionally, the maximum depth can be customized by users via builtin.MaxDepth, allowing applications with legitimate
deep structures to raise the limit in a controlled manner.
Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions.
Workarounds
For users who cannot immediately upgrade, the following mitigations are recommended:
- Ensure that evaluation environments cannot contain cyclic references.
- Validate or sanitize externally supplied data structures before passing them to Expr.
- Wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure).
These workarounds reduce risk but do not fully eliminate the issue without the patch.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/expr-lang/expr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68156"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-16T22:34:16Z",
"nvd_published_at": "2025-12-16T19:16:00Z",
"severity": "HIGH"
},
"details": "Several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform\nrecursive traversal over user-provided data structures without enforcing a maximum recursion depth.\n\nIf the evaluation environment contains **deeply nested** or **cyclic** data structures, these functions may recurse\nindefinitely until exceed the Go runtime stack limit. This results in a **stack overflow panic**, causing the host\napplication to crash.\n\nWhile exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness.\nInstead of returning a recoverable evaluation error, the process may terminate unexpectedly.\n\n### Impact\n\nIn affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently\nvalidated data structures can lead to a **process-level crash** due to stack exhaustion.\n\nThis issue is most relevant in scenarios where:\n\n* Expr is used to evaluate expressions against externally supplied or dynamically constructed environments.\n* Cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs.\n* There are no application-level safeguards preventing deeply nested input data.\n\nIn typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting\npanic can be used to reliably crash the application, constituting a denial of service.\n\n### Patches\n\nThe issue has been fixed in the v1.17.7 versions of Expr.\n\nThe patch introduces a **maximum recursion depth limit** for affected builtin functions. When this limit is exceeded,\nevaluation aborts gracefully and returns a descriptive error instead of panicking.\n\nAdditionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate\ndeep structures to raise the limit in a controlled manner.\n\nUsers are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and\ncomprehensive test coverage to prevent regressions.\n\n### Workarounds\n\nFor users who cannot immediately upgrade, the following mitigations are recommended:\n\n* Ensure that evaluation environments cannot contain cyclic references.\n* Validate or sanitize externally supplied data structures before passing them to Expr.\n* Wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure).\n\nThese workarounds reduce risk but do not fully eliminate the issue without the patch.",
"id": "GHSA-cfpf-hrx2-8rv6",
"modified": "2025-12-16T22:34:16Z",
"published": "2025-12-16T22:34:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"type": "WEB",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"type": "PACKAGE",
"url": "https://github.com/expr-lang/expr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Expr has Denial of Service via Unbounded Recursion in Builtin Functions"
}
WID-SEC-W-2025-2886
Vulnerability from csaf_certbund - Published: 2025-12-18 23:00 - Updated: 2026-01-06 23:00Summary
Red Hat Enterprise Linux (git-lfs, opentelemetry-collector): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2886 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2886.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2886 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2886"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:23664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:23667"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23667 vom 2025-12-19",
"url": "https://linux.oracle.com/errata/ELSA-2025-23667.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23667 vom 2025-12-20",
"url": "https://errata.build.resf.org/RLSA-2025:23667"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23744 vom 2025-12-22",
"url": "https://access.redhat.com/errata/RHSA-2025:23744"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23745 vom 2025-12-22",
"url": "https://access.redhat.com/errata/RHSA-2025:23745"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23664 vom 2025-12-20",
"url": "https://errata.build.resf.org/RLSA-2025:23664"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15826-1 vom 2025-12-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JOORLR7RSL2C72NQ24OU7Q6PVSYY3DZN/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23729 vom 2025-12-22",
"url": "https://access.redhat.com/errata/RHSA-2025:23729"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15825-1 vom 2025-12-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RM47OIUEDFYOHGPXDM4ASJ4DS4I2YAKK/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23745 vom 2025-12-22",
"url": "https://linux.oracle.com/errata/ELSA-2025-23745.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23744 vom 2025-12-22",
"url": "https://linux.oracle.com/errata/ELSA-2025-23744.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23927 vom 2025-12-22",
"url": "https://access.redhat.com/errata/RHSA-2025:23927"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23729 vom 2025-12-23",
"url": "https://errata.build.resf.org/RLSA-2025:23729"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23744 vom 2025-12-23",
"url": "https://errata.build.resf.org/RLSA-2025:23744"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23745 vom 2025-12-23",
"url": "https://errata.build.resf.org/RLSA-2025:23745"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3120 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3120.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0203 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0203"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0204 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0199 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0199"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (git-lfs, opentelemetry-collector): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-06T23:00:00.000+00:00",
"generator": {
"date": "2026-01-07T07:20:25.310+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2886",
"initial_release_date": "2025-12-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und openSUSE aufgenommen"
},
{
"date": "2025-12-22T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10",
"product": {
"name": "Red Hat Enterprise Linux 10",
"product_id": "T049560",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-26625",
"product_status": {
"known_affected": [
"67646",
"T049560",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2025-12-18T23:00:00.000+00:00",
"title": "CVE-2025-26625"
},
{
"cve": "CVE-2025-68156",
"product_status": {
"known_affected": [
"67646",
"T049560",
"T027843",
"398363",
"T004914",
"T032255"
]
},
"release_date": "2025-12-18T23:00:00.000+00:00",
"title": "CVE-2025-68156"
}
]
}
MSRC_CVE-2025-68156
Vulnerability from csaf_microsoft - Published: 2025-12-02 00:00 - Updated: 2026-01-08 01:39Summary
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-68156.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Expr has Denial of Service via Unbounded Recursion in Builtin Functions",
"tracking": {
"current_release_date": "2026-01-08T01:39:14.000Z",
"generator": {
"date": "2026-01-08T08:58:26.425Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-68156",
"initial_release_date": "2025-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-12-19T01:02:08.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-27T01:36:36.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-01-08T01:39:14.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 coredns 1.11.4-11",
"product": {
"name": "\u003cazl3 coredns 1.11.4-11",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 coredns 1.11.4-11",
"product": {
"name": "azl3 coredns 1.11.4-11",
"product_id": "20760"
}
}
],
"category": "product_name",
"name": "coredns"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 keda 2.14.1-7",
"product": {
"name": "\u003cazl3 keda 2.14.1-7",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 keda 2.14.1-7",
"product": {
"name": "azl3 keda 2.14.1-7",
"product_id": "19347"
}
}
],
"category": "product_name",
"name": "keda"
},
{
"category": "product_name",
"name": "cbl2 coredns 1.11.1-24",
"product": {
"name": "cbl2 coredns 1.11.1-24",
"product_id": "2"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 coredns 1.11.1-24 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 coredns 1.11.4-11 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 coredns 1.11.4-11 as a component of Azure Linux 3.0",
"product_id": "20760-17084"
},
"product_reference": "20760",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 keda 2.14.1-7 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 keda 2.14.1-7 as a component of Azure Linux 3.0",
"product_id": "19347-17084"
},
"product_reference": "19347",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-2"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20760-17084",
"19347-17084"
],
"known_affected": [
"17084-1",
"17084-3"
],
"known_not_affected": [
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-68156.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-19T01:02:08.000Z",
"details": "1.11.4-12:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-19T01:02:08.000Z",
"details": "2.14.1-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17084-3"
]
}
],
"title": "Expr has Denial of Service via Unbounded Recursion in Builtin Functions"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…