Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: Red Hat OpenShift GitOps security update

Related Vulnerabilities: CVE-2016-4658   CVE-2019-5827   CVE-2019-13750   CVE-2019-13751   CVE-2019-17594   CVE-2019-17595   CVE-2019-18218   CVE-2019-19603   CVE-2019-20838   CVE-2020-12762   CVE-2020-13435   CVE-2020-14145   CVE-2020-14155   CVE-2020-16135   CVE-2020-24370   CVE-2021-3200   CVE-2021-3426   CVE-2021-3445   CVE-2021-3521   CVE-2021-3572   CVE-2021-3580   CVE-2021-3712   CVE-2021-3800   CVE-2021-20231   CVE-2021-20232   CVE-2021-20271   CVE-2021-22876   CVE-2021-22898   CVE-2021-22925   CVE-2021-27645   CVE-2021-28153   CVE-2021-33560   CVE-2021-33574   CVE-2021-35942   CVE-2021-36084   CVE-2021-36085   CVE-2021-36086   CVE-2021-36087   CVE-2021-37750   CVE-2021-39241   CVE-2021-40346   CVE-2021-42574   CVE-2021-43527   CVE-2021-44790   CVE-2022-24348  

Source

Synopsis

Important: Red Hat OpenShift GitOps security update

Type/Severity

Security Advisory: Important

Topic

An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.2. (GitOps v1.2.2)

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Security Fix(es):

  • gitops: Path traversal and dereference of symlinks when passing Helm value files (CVE-2022-24348)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift GitOps 1.2 x86_64

Fixes

  • BZ - 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started