A vulnerability was found in Argo CD that allows an attacker to spoof error messages on the login screen when SSO is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a specially crafted URL that contains the message to be displayed.
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.3 Via RHSA-2022:4671 https://access.redhat.com/errata/RHSA-2022:4671
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.5 Via RHSA-2022:4690 https://access.redhat.com/errata/RHSA-2022:4690
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.3 Via RHSA-2022:4691 https://access.redhat.com/errata/RHSA-2022:4691
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.4 Via RHSA-2022:4692 https://access.redhat.com/errata/RHSA-2022:4692
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24905