drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in Red Hat OpenShift GitOps
| Name: |
Cross-Site Scripting in Red Hat OpenShift GitOps |
|
| ID: |
RHSA-2024:1345 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat OpenShift GitOps 1.10 |
|
| Datum: |
Sa, 16. März 2024, 07:22 |
|
| Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=2268518
https://access.redhat.com/errata/RHSA-2024:1345
https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html
https://access.redhat.com/security/cve/CVE-2024-28175 |
|
| Applikationen: |
Red Hat OpenShift GitOps |
|
Originalnachricht |
An update is now available for Red Hat OpenShift GitOps 1.10.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat Openshift GitOps is a declarative way to implement continuous
deployment for cloud native applications.
Security Fix(es):
* Before this update, due to the improper filtering of URL protocols in the
Argo CD application summary component, an attacker could achieve cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to v2.8.12 which has the fix applied and is therefore not vulnerable (CVE-2024-28175)
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2024-28175: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
|
|
|
|
