[RHSA-2023:5029-01] Critical: Red Hat OpenShift GitOps security update
Red Hat Security Advisory
Synopsis: Critical: Red Hat OpenShift GitOps security update
Advisory ID: RHSA-2023:5029-01
Product: Red Hat OpenShift GitOps
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5029
Issue date: 2023-09-08
CVE Names: CVE-2023-2602 CVE-2023-2603 CVE-2023-2828
CVE-2023-3899 CVE-2023-27536 CVE-2023-28321
CVE-2023-28484 CVE-2023-29469 CVE-2023-32681
CVE-2023-34969 CVE-2023-38408 CVE-2023-40029
An update is now available for Red Hat OpenShift GitOps 1.9.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
* ArgoCD: secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration (CVE-2023-40029)
* ArgoCD: Denial of Service to Argo CD repo-server (CVE-2023-40584)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
Bugs fixed (https://bugzilla.redhat.com/):
2233203 - CVE-2023-40029 ArgoCD: secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration
2236530 - CVE-2023-40584 ArgoCD: Denial of Service to Argo CD repo-server
The Red Hat security contact is [email@example.com]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
A Red Hat OpenShift GitOps security update has been released.