Security: Multiple issues in Red Hat OpenShift GitOps
Name: Multiple issues in Red Hat OpenShift GitOps
ID: RHSA-2021:2053-01
Distribution: Red Hat
Platforms: Red Hat OpenShift GitOps
Date: Thu, 20 May 2021, 07:11
References:
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2021-3557
https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2020-16845
https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2020-25692
https://access.redhat.com/security/cve/CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-25648
Applications: Red Hat OpenShift GitOps
Original message
=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift GitOps security update
Advisory ID: RHSA-2021:2053-01
Product: Red Hat OpenShift GitOps
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2053
Issue date: 2021-05-19
Keywords: openshift, gitops, cicd
CVE Names: CVE-2020-15586 CVE-2020-16845 CVE-2020-25648 CVE-2020-25692 CVE-2020-28362 CVE-2021-3114 CVE-2021-3557 CVE-2021-20305 CVE-2021-25215
=====================================================================
1. Summary:
An update is now available for Red Hat OpenShift GitOps 1.1.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Security Fix(es):
* argocd: ServiceAccount argocd-argocd-server is able to read all resources of the whole cluster (CVE-2021-3557)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
3. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1961929 - CVE-2021-3557 argocd: ServiceAccount argocd-argocd-server is able to read all resources of the whole cluster
5. JIRA issues fixed (https://issues.jboss.org/):
GITOPS-951 - Remove operator dependency on OpenShift Pipelines
6. References:
https://access.redhat.com/security/cve/CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-16845
https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/cve/CVE-2020-25692
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3557
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/updates/classification/#important
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.