[RHSA-2023:5030-01] Critical: Red Hat OpenShift GitOps security update
Red Hat Security Advisory
Synopsis: Critical: Red Hat OpenShift GitOps security update
Advisory ID: RHSA-2023:5030-01
Product: Red Hat OpenShift GitOps
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5030
Issue date: 2023-09-08
CVE Names: CVE-2023-2602 CVE-2023-2603 CVE-2023-27536
CVE-2023-28321 CVE-2023-28484 CVE-2023-29469
An update is now available for Red Hat OpenShift GitOps 1.8.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
* ArgoCD: Secrets can be leaked through kubectl.kubernetes.io/last-applied-configuration (CVE-2023-40029)
* ArgoCD: Denial of Service to Argo CD repo-server (CVE-2023-40584)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Bugs fixed (https://bugzilla.redhat.com/):
2233203 - CVE-2023-40029 ArgoCD: secrets can be leak through kubectl.kubernetes.io/last-applied-configuration
2236530 - CVE-2023-40584 ArgoCD: Denial of Service to Argo CD repo-server
The Red Hat security contact is [email@example.com]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
A Red Hat OpenShift GitOps security update has been released.