Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:3369
HistoryAug 06, 2020 - 8:06 p.m.

(RHSA-2020:3369) Moderate: Red Hat OpenShift Service Mesh security update

2020-08-0620:06:08
access.redhat.com
39

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.244 Low

EPSS

Percentile

96.5%

JSON

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

  • golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)

  • nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

  • jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

  • macaron: open redirect in the static handler (CVE-2020-12666)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64servicemesh-grafana< 6.4.3-13.el8servicemesh-grafana-6.4.3-13.el8.x86_64.rpm
RedHat8x86_64servicemesh-citadel< 1.1.6-1.el8servicemesh-citadel-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-mixc< 1.1.6-1.el8servicemesh-mixc-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-cni< 1.1.6-1.el8servicemesh-cni-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-pilot-discovery< 1.1.6-1.el8servicemesh-pilot-discovery-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64ior< 1.1.6-1.el8ior-1.1.6-1.el8.x86_64.rpm
RedHat7x86_64kiali< v1.12.10.redhat2-1.el7kiali-v1.12.10.redhat2-1.el7.x86_64.rpm
RedHat8x86_64servicemesh-istioctl< 1.1.6-1.el8servicemesh-istioctl-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-grafana-prometheus< 6.4.3-13.el8servicemesh-grafana-prometheus-6.4.3-13.el8.x86_64.rpm
RedHat8x86_64servicemesh-mixs< 1.1.6-1.el8servicemesh-mixs-1.1.6-1.el8.x86_64.rpm
Rows per page:
1-10 of 161

Related

nessus 34
redhat 21
cve 5
osv 19
exploitpack 1
openvas 12
debiancve 4
debian 4
fedora 4
github 5
prion 5
redhatcve 5
veracode 5
ibm 27
hackerone 2
zdt 2
cgr 2
wolfi 2
githubexploit 3
gitlab 4
checkpoint_advisories 2
archlinux 1
ubuntucve 4
packetstorm 2
amazon 3
ics 1
almalinux 2
oraclelinux 4
alpinelinux 1
exploitdb 2
f5 1
rocky 1
huntr 1
suse 1
attackerkb 2
atlassian 3
hp 1
joomla 1
nessus
nessus
RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)
2020-08-07 00:00:00
RHEL 8 : Red Hat Virtualization (RHSA-2020:3807)
2020-09-23 00:00:00
Fedora 32 : golang-gopkg-macaron-1 (2020-66e6e8d027)
2021-01-04 00:00:00
redhat
redhat
(RHSA-2020:3372) Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update
2020-08-06 20:17:21
(RHSA-2020:3807) Moderate: Red Hat Virtualization security, bug fix, and enhancement update
2020-09-23 15:54:23
(RHSA-2020:3414) Low: OpenShift Container Platform 4.5.5 security update
2020-08-12 04:43:08
cve
cve
CVE-2020-12666
2020-05-05 22:15:00
CVE-2020-9283
2020-02-20 20:15:00
CVE-2020-8203
2020-07-15 17:15:00
osv
osv
Open redirect in gopkg.in/macaron.v1
2021-04-14 20:04:52
CVE-2020-12666
2020-05-05 22:15:13
restic - security update
2020-11-17 00:00:00
exploitpack
exploitpack
Go SSH servers 0.0.2 - Denial of Service (PoC)
2020-02-24 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2453-1)
2020-11-17 00:00:00
Fedora: Security Advisory for golang-gopkg-macaron-1 (FEDORA-2020-66e6e8d027)
2021-01-11 00:00:00
Debian: Security Advisory (DLA-2455-1)
2020-11-19 00:00:00
debiancve
debiancve
CVE-2020-9283
2020-02-20 20:15:00
CVE-2020-8203
2020-07-15 17:15:00
CVE-2020-14040
2020-06-17 20:15:00
debian
debian
[SECURITY] [DLA 2455-1] packer security update
2020-11-18 21:02:24
[SECURITY] [DLA 2453-1] restic security update
2020-11-16 21:49:41
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
fedora
fedora
[SECURITY] Fedora 32 Update: golang-gopkg-macaron-1-1.4.0-1.fc32
2021-01-01 01:25:17
[SECURITY] Fedora 32 Update: golang-1.14.6-1.fc32
2020-07-30 17:53:53
[SECURITY] Fedora 31 Update: golang-1.13.14-1.fc31
2020-07-28 15:03:46
github
github
gopkg.in/macaron.v1 Open redirect vulnerability
2021-05-18 21:08:35
Improper Verification of Cryptographic Signature in golang.org/x/crypto
2021-05-18 15:29:31
Prototype Pollution in lodash
2020-07-15 19:15:48
prion
prion
Open redirect
2020-05-05 22:15:00
Code injection
2020-07-15 17:15:00
Code injection
2020-02-20 20:15:00
redhatcve
redhatcve
CVE-2020-12666
2020-06-23 12:56:35
CVE-2020-9283
2021-08-15 06:09:30
CVE-2020-8203
2020-07-15 20:08:37
veracode
veracode
Signature Verification With Malformed Public Keys
2020-02-21 05:23:31
Open Redirection
2020-05-08 06:12:07
Prototype Pollution
2020-04-28 09:42:14
ibm
ibm
Security Bulletin: GO is is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
2021-05-03 15:17:07
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)
2020-10-01 21:23:31
Security Bulletin: CVE-2020-8203
2022-07-08 19:00:44
hackerone
hackerone
Sifchain: SSH server due to Improper Signature Verification
2021-08-06 17:07:57
Node.js third-party modules: Prototype pollution attack (lodash)
2019-10-11 12:06:20
zdt
zdt
Go SSH servers 0.0.2 - Denial of Service Exploit
2020-02-24 00:00:00
jQuery 1.0.3 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
cgr
cgr
CVE-2020-9283 vulnerabilities
2024-04-26 03:19:48
CVE-2020-14040 vulnerabilities
2024-04-26 03:19:48
wolfi
wolfi
CVE-2020-9283 vulnerabilities
2024-04-26 03:16:27
CVE-2020-14040 vulnerabilities
2024-04-26 03:16:27
githubexploit
githubexploit
Exploit for Prototype Pollution in Lodash
2020-12-01 09:45:48
Exploit for Improper Verification of Cryptographic Signature in Golang Package Ssh
2020-06-02 10:55:37
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
gitlab
gitlab
URL Redirection to Untrusted Site (Open Redirect)
2020-05-05 00:00:00
Improper Verification of Cryptographic Signature
2020-02-20 00:00:00
Loop with Unreachable Exit Condition ('Infinite Loop')
2021-05-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Golang Crypto Denial of Service (CVE-2020-9283)
2020-10-25 00:00:00
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
archlinux
archlinux
[ASA-202003-4] golang-golang-x-crypto: denial of service
2020-03-08 00:00:00
ubuntucve
ubuntucve
CVE-2020-9283
2020-02-20 00:00:00
CVE-2020-8203
2020-07-15 00:00:00
CVE-2020-14040
2020-06-17 00:00:00
packetstorm
packetstorm
Go SSH 0.0.2 Denial Of Service
2020-02-23 00:00:00
jQuery 1.0.3 Cross Site Scripting
2021-04-14 00:00:00
amazon
amazon
Medium: ipa
2021-04-20 17:55:00
Medium: golang
2020-09-28 20:57:00
Medium: golang
2020-10-26 18:04:00
ics
ics
Sensormatic Electronics VideoEdge
2021-11-02 12:00:00
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
oraclelinux
oraclelinux
bootstrap security update
2021-08-09 00:00:00
ipa security and bug fix update
2021-03-19 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-25 00:00:00
alpinelinux
alpinelinux
CVE-2020-11023
2020-04-29 21:15:00
exploitdb
exploitdb
Go SSH servers 0.0.2 - Denial of Service (PoC)
2020-02-24 00:00:00
jQuery 1.0.3 - Cross-Site Scripting (XSS)
2021-04-14 00:00:00
f5
f5
K66544153 : jQuery vulnerability CVE-2020-11023
2020-08-03 00:00:00
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
huntr
huntr
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
2023-02-20 02:52:19
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
attackerkb
attackerkb
CVE-2020-11022
2020-04-29 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.244 Low

EPSS

Percentile

96.5%

JSON
Related for RHSA-2020:3369
nessus34redhat21cve5osv19exploitpack1openvas12debiancve4debian4fedora4github5prion5redhatcve5veracode5ibm27hackerone2zdt2cgr2wolfi2githubexploit3gitlab4checkpoint_advisories2archlinux1ubuntucve4packetstorm2amazon3ics1almalinux2oraclelinux4alpinelinux1exploitdb2f51rocky1huntr1suse1attackerkb2atlassian3hp1joomla1