Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
OpenShift GitOps v1.3.4 on OCP 4.7-4.9
Red Hat Openshift GitOps is a declarative way to implement continuous
deployment for cloud native applications.
Security Fix(es):
* gitops: Path traversal and dereference of symlinks when passing Helm
value files (CVE-2022-24348)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/cve/CVE-2022-24348 https://access.redhat.com/security/updates/classification#important
An update for openshift-gitops-applicationset-container,openshift-gitops-container, openshift-gitops-kam-delivery-container, andopenshift-gitops-operator-container is now available for Red Hat OpenShiftGitOps 1.3 on OCP 4.7-4.9. (GitOps v1.3.4)Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
Get the latest Linux and open source security news straight to your inbox.