- Issued: 2025-05-28
- Updated: 2025-05-28
RHSA-2025:8277 - Important: Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update
Synopsis
Important: Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update
Type/Severity
Security Advisory: Important
Topic
Errata Advisory for Red Hat OpenShift GitOps v1.15.3 security update.
Description
Errata Advisory for Red Hat OpenShift GitOps 1.15.3 security release.
Security Fix(es):
- openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) gitops-1.15
- openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) gitops-1.15
- openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) gitops-1.15
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift GitOps | 1.15 | x86_64 |
| Red Hat OpenShift GitOps for IBM Z and LinuxONE | 1.15 | s390x |
| Red Hat OpenShift GitOps for IBM Power, little endian | 1.15 | ppc64le |
| Red Hat OpenShift GitOps for ARM 64 | 1.15 | aarch64 |
Fixes
CVEs
- CVE-2023-39321
- CVE-2023-39322
- CVE-2024-8176
- CVE-2024-9355
- CVE-2024-12133
- CVE-2024-12243
- CVE-2024-24788
- CVE-2024-24790
- CVE-2024-24791
- CVE-2024-52005
- CVE-2025-24528
- CVE-2025-26465
- CVE-2025-47933
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.