Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:1004
HistoryMar 29, 2021 - 11:07 a.m.

(RHSA-2021:1004) Moderate: Red Hat build of Quarkus 1.11.6 release and security update

2021-03-2911:07:57
access.redhat.com
85

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.199 Low

EPSS

Percentile

96.3%

JSON

This release of Red Hat build of Quarkus 1.11.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

  • cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)

  • resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client’s WebApplicationException handling (CVE-2020-25633)

  • fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)

  • resteasy: information disclosure via HTTP response reuse (CVE-2020-25724)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Related

debiancve 2
osv 8
prion 4
cve 4
redhatcve 4
ubuntucve 2
github 4
veracode 3
ibm 3
redhat 15
nessus 5
debiancve
debiancve
CVE-2020-25724
2021-05-26 21:15:00
CVE-2020-25633
2020-09-18 19:15:00
osv
osv
CVE-2020-26238
2020-11-25 00:15:10
Template injection in cron-utils
2020-11-24 23:48:38
Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
2021-06-08 22:29:46
prion
prion
Design/Logic Flaw
2020-11-25 00:15:00
Design/Logic Flaw
2021-05-26 21:15:00
Design/Logic Flaw
2020-09-18 19:15:00
cve
cve
CVE-2020-26238
2020-11-25 00:15:00
CVE-2020-25724
2021-05-26 21:15:00
CVE-2020-25633
2020-09-18 19:15:00
redhatcve
redhatcve
CVE-2020-26238
2020-11-25 18:22:07
CVE-2020-25724
2020-11-19 07:51:56
CVE-2020-25633
2020-09-18 09:30:11
ubuntucve
ubuntucve
CVE-2020-25724
2021-05-26 00:00:00
CVE-2020-25633
2020-09-18 00:00:00
github
github
Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
2021-06-08 22:29:46
Template injection in cron-utils
2020-11-24 23:48:38
Generation of Error Message Containing Sensitive Information in RESTEasy client
2021-06-03 23:41:34
veracode
veracode
Template Injection
2020-12-04 00:52:43
Information Disclosure
2020-10-03 01:14:18
Directory Traversal
2021-02-04 03:44:39
ibm
ibm
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to SQL injection due to PostgreSQL (CVE-2022-31197) and obtaining sensitive information due to RESTEasy (CVE-2020-25633)
2022-10-06 04:59:27
Security Bulletin: IBM Observability with Instana is affected by multiple vulnerabilities
2024-01-31 11:30:26
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
redhat
redhat
(RHSA-2021:3207) Moderate: Red Hat Integration Camel Quarkus Tech-Preview 2 security update
2021-08-18 09:50:40
(RHSA-2021:1006) Moderate: OpenShift Container Platform 4.7.5 security and bug fix update
2021-04-05 12:52:40
(RHSA-2021:0986) Low: AMQ Online 1.7.0 release and security update
2021-03-25 09:39:47
nessus
nessus
RHEL 7 / 8 : OpenShift Container Platform 4.7.5 (RHSA-2021:1006)
2021-04-05 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0248)
2021-01-25 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)
2021-01-25 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.199 Low

EPSS

Percentile

96.3%

JSON
Related for RHSA-2021:1004
debiancve2osv8prion4cve4redhatcve4ubuntucve2github4veracode3ibm3redhat15nessus5