Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:1345
HistoryMar 15, 2024 - 5:27 p.m.

(RHSA-2024:1345) Important: Red Hat OpenShift GitOps security update

2024-03-1517:27:23
access.redhat.com
16
red hat
openshift
gitops
security update
cross-site scripting
argo cd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Security Fix(es):

  • Before this update, due to the improper filtering of URL protocols in the Argo CD application summary component, an attacker could achieve cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to v2.8.12 which has the fix applied and is therefore not vulnerable (CVE-2024-28175)

Related

redhat 34
almalinux 8
nessus 68
osv 16
oraclelinux 10
openvas 30
ibm 6
slackware 1
fedora 3
mageia 2
debian 4
altlinux 2
ubuntu 4
rocky 2
suse 2
amazon 1
gentoo 2
redos 2
aix 2
redhat
redhat
(RHSA-2024:1346) Important: Red Hat OpenShift GitOps security update
2024-03-16 00:31:19
(RHSA-2024:1321) Moderate: ACS 4.3 enhancement and security update
2024-03-13 20:53:28
(RHSA-2024:0889) Moderate: oniguruma security update
2024-02-20 11:21:18
almalinux
almalinux
Moderate: oniguruma security update
2024-02-20 00:00:00
Moderate: rpm security update
2024-01-25 00:00:00
Moderate: rpm security update
2024-02-01 00:00:00
nessus
nessus
AlmaLinux 8 : oniguruma (ALSA-2024:0889)
2024-02-22 00:00:00
RHEL 8 : oniguruma (RHSA-2024:0572)
2024-01-30 00:00:00
RHEL 8 : oniguruma (RHSA-2024:0889)
2024-02-20 00:00:00
osv
osv
Moderate: oniguruma security update
2024-02-20 00:00:00
libonig - security update
2020-11-03 00:00:00
libonig vulnerabilities
2022-10-10 05:11:49
oraclelinux
oraclelinux
oniguruma security update
2024-02-20 00:00:00
rpm security update
2024-01-25 00:00:00
rpm security update
2024-02-02 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2431-1)
2020-11-05 00:00:00
Fedora Update for oniguruma FEDORA-2019-73197ff9a0
2019-12-08 00:00:00
Slackware: Security Advisory (SSA:2023-343-01)
2023-12-11 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities
2023-04-28 18:25:19
Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd
2023-01-25 16:27:43
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)
2023-07-06 17:15:52
slackware
slackware
[slackware-security] libxml2
2023-12-10 01:15:09
fedora
fedora
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-4.fc30
2019-12-08 01:03:41
[SECURITY] Fedora 31 Update: oniguruma-6.9.4-1.fc31
2019-12-04 01:15:49
[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37
2022-11-13 01:14:14
mageia
mageia
Updated oniguruma packages fix security vulnerabilities
2020-01-12 02:52:04
Updated libxml2 packages fix security vulnerability
2022-11-08 22:44:28
debian
debian
[SECURITY][DLA 2431-1] libonig security update
2020-11-05 01:29:26
[SECURITY] [DLA 3172-1] libxml2 security update
2022-10-30 15:57:58
[SECURITY] [DSA 5271-1] libxml2 security update
2022-11-05 19:46:29
altlinux
altlinux
Security fix for the ALT Linux 8 package oniguruma version 6.9.4-alt1
2019-12-04 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt6.p9.1
2023-02-13 00:00:00
ubuntu
ubuntu
Oniguruma vulnerabilities
2022-10-10 00:00:00
Oniguruma vulnerabilities
2020-08-17 00:00:00
libxml2 vulnerabilities
2023-04-19 00:00:00
rocky
rocky
rpm security update
2024-02-12 20:17:16
libxml2 security update
2023-01-23 14:30:36
suse
suse
Security update for oniguruma (important)
2022-09-21 00:00:00
Security update for libxml2 (important)
2022-10-21 00:00:00
amazon
amazon
Medium: oniguruma
2020-01-06 23:44:00
gentoo
gentoo
RPM: Multiple Vulnerabilities
2022-10-31 00:00:00
libxml2: Multiple Vulnerabilities
2022-10-31 00:00:00
redos
redos
ROS-20240410-21
2024-04-10 00:00:00
ROS-20221110-01
2022-11-10 00:00:00
aix
aix
AIX is vulnerable to arbitrary code execution due to libxml2
2023-02-08 13:18:47
AIX is vulnerable to a denial of service due to libxml2
2023-07-25 11:08:32

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON
Related for RHSA-2024:1345
redhat34almalinux8nessus68osv16oraclelinux10openvas30ibm6slackware1fedora3mageia2debian4altlinux2ubuntu4rocky2suse2amazon1gentoo2redos2aix2