RHSA-2022:5187HighCVSS 8.8
Red Hat Security Advisory: Red Hat OpenShift GitOps security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2022-31016 — argocd: vulnerable to an uncontrolled memory consumption bug CVE-2022-31034 — argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. CVE-2022-31035 — argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI CVE-2022-31036 — argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access
🔗 References (7)
- selfhttps://access.redhat.com/errata/RHSA-2022:5187
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2096278
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2096282
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2096283
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2096291
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5187.json