[RHSA-2023:1452-01] Moderate: Red Hat OpenShift GitOps security update

Security announcements for all Red Hat products and services. rhsa-announce at redhat.com
Thu Mar 23 21:15:43 UTC 2023 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift GitOps security update
Advisory ID:       RHSA-2023:1452-01
Product:           Red Hat OpenShift GitOps
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1452
Issue date:        2023-03-23
CVE Names:         CVE-2022-41354 
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* ArgoCD: Authenticated but unauthorized users may enumerate Application
names via the API (CVE-2022-41354)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

5. References:

https://access.redhat.com/security/cve/CVE-2022-41354
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZBzBVtzjgjWX9erEAQi6RQ/+JfxD64NTPljBopSNQSuDFtEBIiohZguZ
2ydP/fVMGMksww/EPIhyh4gczYdq73hk2+V6P2RaCN87DxfBRpvLLc4x+GqS0bRn
ZkgaSe0UArP7fiPQu4krszGlFjEwm/bSXBDFcWA1anb8lEvQ+/dUiR/kjWsHjLXZ
6yU/0OEot4DGuLPvq7Kkj4sZ37/gNAjNIE9Sh46lnDWTD7nxZ1Si1UAJ2uNjfj52
gUUk5UxQRgg/5wuXucBSeU+IwK+Qh16mUAtAmJLn2eoIsM3kMisq3UL97oszrU32
J62w6Fu3mxJ1Axfz6hv5V/80W27Lqtkn60DH+UwpB9pvrraEVKWxQd+fM5NhjBnS
xgERYbDvh3SVMFHphkldFCYu6yOwkCS3uSrrpe/7wVRPmC9V8v0oMAZ9wlhczQs7
3t/4dfLfLgmWlApdJBEApwXnLWRPTKTverJwHtaHp1hnXO17Olm6XdaxhAwHiXF0
kXCFWXl3Sq/bb4Zyp6cbAEYdlWAiOA5qw0Hg89iciXXQ7v9eTSRXvH7ddNGFwlnW
fl7RrM/Dn6zLGsOnz70kZc8QZCy+YyrT+4j3CIiOHity0dlDn+pvTJgtXvgS2LoZ
zkuvktkhnePFgosSeMRLjPV36NjLD8E2vOuZqec3uooRzQ2afdFDHV6Ewreu2dyk
PLaxEL0Z8sE=
=vMuw
-----END PGP SIGNATURE-----

More information about the RHSA-announce mailing list