RHSA-2022:4691HighCVSS 10.0
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
🔗 CVE IDs covered (3)
📋 Description
CVE-2022-24904 — argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server CVE-2022-24905 — argocd: Login screen allows message spoofing if SSO is enabled CVE-2022-29165 — argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2022:4691
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2081686
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2081689
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2081691
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4691.json