9 matches found

RedHat Linux
added 2026/01/22 3:52 p.m. | 9 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.4 security update

Important: Red Hat OpenShift GitOps v1.17.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8231 CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS...

CVSS 9.9 | AI score 7.1 | EPSS 0.04518
Exploits: 5 | References: 8

RedHat Linux
added 2025/12/15 3:40 p.m. | 3 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.16.5 security update

Important: Red Hat OpenShift GitOps v1.16.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8116 CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html gitops-1.17 GITOPS-80...

CVSS 9.9 | AI score 7.2 | EPSS 0.86268
Exploits: 16 | References: 7

RedHat Linux
added 2025/12/15 3:39 p.m. | 8 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.3 security update

Important: Red Hat OpenShift GitOps v1.17.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8116 CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html gitops-1.17 GITOPS-76...

CVSS 9.9 | AI score 7.2 | EPSS 0.86268
Exploits: 16 | References: 7

RedHat Linux
added 2025/12/15 3:34 p.m. | 9 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.2 security update

Important: Red Hat OpenShift GitOps v1.18.2 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-7608 Redis HA pods are taking longer than expected to come up GITOPS-7789 Version override in ArgoCD CR causes operator to use upstream images...

CVSS 9.9 | AI score 7.1 | EPSS 0.86268
Exploits: 16 | References: 6

CVE
added 2025/03/17 9:37 p.m. | 193 views

CVE-2025-29781

The connected IBM security bulletin confirms CVE-2025-29781 in Bare Metal Operator (BMO) for Kubernetes/Metal3. Before patch releases v0.9.1 and v0.8.1, a namespace-scoped attacker could cause Secret leakage by loading Secrets from unauthorized namespaces when deploying BMCEventSubscription. The ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 5

Cvelist
added 2025/03/17 9:37 p.m. | 17 views

CVE-2025-29781 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...

CVSS 6.5 | EPSS 0.00169
Exploits: 0 | References: 5

Vulnrichment
added 2025/03/17 9:37 p.m. | 9 views

CVE-2025-29781 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...

CVSS 6.5 | AI score 6.8 | EPSS 0.00169
Exploits: 0 | References: 5

RedHat Linux
added 2019/10/24 9:31 p.m. | 1 views

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 8.1 | AI score 7.3 | EPSS 0.02092
Exploits: 0 | References: 5

RedHat Linux
added 2019/08/15 1:28 p.m. | 4 views

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 8.1 | AI score 7.3 | EPSS 0.02092
Exploits: 0 | References: 5