{"id":"RHSA-2024:1752","summary":"Red Hat Security Advisory: GitOps 1.12.1- Argo CD CLI and MicroShift GitOps security update","modified":"2026-03-21T10:08:48Z","published":"2024-09-23T08:36:52Z","upstream":["CVE-2023-50726","CVE-2024-21652","CVE-2024-21661","CVE-2024-21662","CVE-2024-29893"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1752"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.openshift.com/gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269479"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270170"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270173"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270182"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272211"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1752.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-50726"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-50726"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50726"},{"type":"ARTICLE","url":"https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/3b8f673f06c2d228e01cbc830e5cb57cef008978"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-g623-jcgg-mhmm"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21652"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-21652"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21652"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21661"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-21661"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21661"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21662"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-21662"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21662"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-29893"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-29893"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29893"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/14f681e3ee7c38731943b98f92277e88a3db109d"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/36b8a12a38f8d92d55bffc81deed44389bf6eb59"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/commit/3e5a878f6e30d935fa149723ea2a2e93748fcddd"},{"type":"ARTICLE","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhwx-mhww-rgc3"}],"affected":[{"package":{"name":"openshift-gitops-argocd-cli","ecosystem":"Red Hat:openshift_gitops:1.12::el8","purl":"pkg:rpm/redhat/openshift-gitops-argocd-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.1-5.el8"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1752.json"}},{"package":{"name":"openshift-gitops-argocd-cli-redistributable","ecosystem":"Red Hat:openshift_gitops:1.12::el8","purl":"pkg:rpm/redhat/openshift-gitops-argocd-cli-redistributable"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.1-5.el8"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1752.json"}},{"package":{"name":"microshift-gitops","ecosystem":"Red Hat:openshift_gitops:1.12::el9","purl":"pkg:rpm/redhat/microshift-gitops"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.1-4.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1752.json"}},{"package":{"name":"microshift-gitops-release-info","ecosystem":"Red Hat:openshift_gitops:1.12::el9","purl":"pkg:rpm/redhat/microshift-gitops-release-info"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.1-4.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1752.json"}},{"package":{"name":"openshift-gitops-argocd-cli","ecosystem":"Red Hat:openshift_gitops:1.12::el9","purl":"pkg:rpm/redhat/openshift-gitops-argocd-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.1-4.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1752.json"}},{"package":{"name":"openshift-gitops-argocd-cli-redistributable","ecosystem":"Red Hat:openshift_gitops:1.12::el9","purl":"pkg:rpm/redhat/openshift-gitops-argocd-cli-redistributable"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.1-4.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1752.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}