Bug 2096282 (CVE-2022-31034)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2022-31034 argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. | | |
| Product: | [Other] Security Response | Reporter: | Rohit Keshri <rkeshri> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | scorneli, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | ArgoCD 2.1.16, ArgoCD 2.2.10, ArgoCD 2.3.5, ArgoCD 2.4.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Several single sign-on (SSO) vulnerabilities were found in ArgoCD when the login process is initiated via the CLI or UI. The vulnerabilities stem from the use of insufficiently random values for parameters during the login process. This flaw gives an attacker elevated privileges, potentially including administrative rights. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-06-28 11:36:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2096259 | | |
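The Doc Text above attributes the flaw to insufficiently random values in the parameters of the SSO login flow. As an added illustration (not Argo CD's code; the stateStore type and its methods are assumed for this example), the Go snippet below shows the mitigation pattern a login handler needs: an OAuth state drawn from crypto/rand, bound to one login attempt, and accepted only once on the callback.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"sync"
)

// stateStore holds issued OAuth "state" values until the IdP callback consumes
// them. It is an assumed helper for this example, not Argo CD's own code.
type stateStore struct {
	mu      sync.Mutex
	pending map[string]struct{}
}

// newState draws 32 bytes from crypto/rand (never math/rand), so a value
// cannot be predicted from earlier states or from the time it was issued.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// issue mints a fresh state for one login attempt and records it as pending.
func (s *stateStore) issue() (string, error) {
	st, err := newState()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[st] = struct{}{}
	return st, nil
}

// consume checks the state echoed back on the callback: it must be a pending
// value, and it is deleted so the same state cannot be replayed.
func (s *stateStore) consume(got string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.pending[got]; !ok {
		return errors.New("unknown or already used state")
	}
	delete(s.pending, got)
	return nil
}
```

In a real server the pending map would also carry an expiry so abandoned login attempts do not accumulate.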
Description
Rohit Keshri
2022-06-13 12:29:08 UTC
This issue has been addressed in the following products:

Red Hat OpenShift GitOps 1.5
Via RHSA-2022:5152 https://access.redhat.com/errata/RHSA-2022:5152

This issue has been addressed in the following products:

Red Hat OpenShift GitOps 1.4
Via RHSA-2022:5153 https://access.redhat.com/errata/RHSA-2022:5153

This issue has been addressed in the following products:

Red Hat OpenShift GitOps 1.3
Via RHSA-2022:5192 https://access.redhat.com/errata/RHSA-2022:5192

This issue has been addressed in the following products:

Red Hat OpenShift GitOps 1.3
Via RHSA-2022:5187 https://access.redhat.com/errata/RHSA-2022:5187

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31034