CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.974 High
Percentile: 99.9%

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
jquery: Prototype pollution in object’s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)
jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
pki: Dogtag’s python client does not validate certificates (CVE-2020-15720)
pki-core: Reflected XSS in ‘path length’ constraint field in CA’s Agent page (CVE-2019-10146)
pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA’s DRM agent page in authorize recovery tab (CVE-2019-10179)
pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
References:
bugzilla.redhat.com/show_bug.cgi?id=1376706
bugzilla.redhat.com/show_bug.cgi?id=1399546
bugzilla.redhat.com/show_bug.cgi?id=1406505
bugzilla.redhat.com/show_bug.cgi?id=1601614
bugzilla.redhat.com/show_bug.cgi?id=1601617
bugzilla.redhat.com/show_bug.cgi?id=1666907
bugzilla.redhat.com/show_bug.cgi?id=1668097
bugzilla.redhat.com/show_bug.cgi?id=1686454
bugzilla.redhat.com/show_bug.cgi?id=1695901
bugzilla.redhat.com/show_bug.cgi?id=1701972
bugzilla.redhat.com/show_bug.cgi?id=1706521
bugzilla.redhat.com/show_bug.cgi?id=1710171
bugzilla.redhat.com/show_bug.cgi?id=1721684
bugzilla.redhat.com/show_bug.cgi?id=1724433
bugzilla.redhat.com/show_bug.cgi?id=1732565
bugzilla.redhat.com/show_bug.cgi?id=1732981
bugzilla.redhat.com/show_bug.cgi?id=1777579
bugzilla.redhat.com/show_bug.cgi?id=1805541
bugzilla.redhat.com/show_bug.cgi?id=1817247
bugzilla.redhat.com/show_bug.cgi?id=1821851
bugzilla.redhat.com/show_bug.cgi?id=1822246
bugzilla.redhat.com/show_bug.cgi?id=1824939
bugzilla.redhat.com/show_bug.cgi?id=1824948
bugzilla.redhat.com/show_bug.cgi?id=1825998
bugzilla.redhat.com/show_bug.cgi?id=1828406
bugzilla.redhat.com/show_bug.cgi?id=1842734
bugzilla.redhat.com/show_bug.cgi?id=1842736
bugzilla.redhat.com/show_bug.cgi?id=1843537
bugzilla.redhat.com/show_bug.cgi?id=1845447
bugzilla.redhat.com/show_bug.cgi?id=1850004
bugzilla.redhat.com/show_bug.cgi?id=1854043
bugzilla.redhat.com/show_bug.cgi?id=1854959
bugzilla.redhat.com/show_bug.cgi?id=1855273
bugzilla.redhat.com/show_bug.cgi?id=1855319
bugzilla.redhat.com/show_bug.cgi?id=1856368
bugzilla.redhat.com/show_bug.cgi?id=1857933
bugzilla.redhat.com/show_bug.cgi?id=1861911
bugzilla.redhat.com/show_bug.cgi?id=1869893
bugzilla.redhat.com/show_bug.cgi?id=1871064
bugzilla.redhat.com/show_bug.cgi?id=1873235
errata.rockylinux.org/RLSA-2020:4847