High Vulnerability in Red Hat OpenShift GitOps
Red Hat released security updates to address a vulnerability in Red Hat OpenShift GitOps. A flaw was found in the ArgoCD component of Red Hat GitOps: when ArgoCD's anonymous access is enabled, an unauthenticated attacker can craft a malicious JWT token and gain full access to the ArgoCD instance. This flaw allows the attacker to impersonate any ArgoCD user or role, fully compromising the confidentiality, integrity, and availability of the targeted cluster.
For a complete description of the vulnerabilities and affected systems:
- Red Hat (RHSA-2022:4690) Security Update Information
- Red Hat (RHSA-2022:4691) Security Update Information
- Red Hat (RHSA-2022:4692) Security Update Information
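
The flaw described above depends on anonymous access being enabled, so an exposure check can start there. The following is an added example, not part of the Red Hat advisory: it assumes the upstream Argo CD settings ConfigMap name `argocd-cm` and key `users.anonymous.enabled` (neither appears on this page), and the sample JSON is constructed.

```python
import json

# Upstream Argo CD names (assumptions, not taken from the advisory).
ARGOCD_CM = "argocd-cm"
ANON_KEY = "users.anonymous.enabled"


def anonymous_enabled_namespaces(kubectl_json: str) -> list[str]:
    """Return namespaces whose argocd-cm turns anonymous access on.

    Accepts the JSON printed by `kubectl get configmap -A -o json`
    (a List) or by a single `kubectl get configmap argocd-cm -o json`.
    """
    doc = json.loads(kubectl_json)
    items = doc["items"] if "items" in doc else [doc]
    exposed = []
    for cm in items:
        meta = cm.get("metadata", {})
        if meta.get("name") != ARGOCD_CM:
            continue
        # `data` is missing or null on an empty ConfigMap.
        value = (cm.get("data") or {}).get(ANON_KEY, "false")
        # Any casing of "true" is flagged, to err toward reporting.
        if value.strip().lower() == "true":
            exposed.append(meta.get("namespace", "<unknown>"))
    return sorted(exposed)


# Constructed sample input: three Argo CD instances and one unrelated ConfigMap.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "ConfigMap",
         "metadata": {"name": "argocd-cm", "namespace": "openshift-gitops"},
         "data": {ANON_KEY: "true", "url": "https://argocd.example.test"}},
        {"kind": "ConfigMap",
         "metadata": {"name": "argocd-cm", "namespace": "team-a"},
         "data": {ANON_KEY: "false"}},
        {"kind": "ConfigMap",
         "metadata": {"name": "argocd-cm", "namespace": "team-b"}},
        {"kind": "ConfigMap",
         "metadata": {"name": "other-cm", "namespace": "team-c"},
         "data": {ANON_KEY: "true"}},
    ],
})

if __name__ == "__main__":
    for ns in anonymous_enabled_namespaces(SAMPLE):
        print(f"anonymous access enabled in namespace {ns}: apply the update first")
```

Instances it reports meet the precondition named in the advisory and are the ones to update first; instances it does not report still need the fixed release.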