CVE-2020-11023 (GCVE-0-2020-11023)
Vulnerability from cvelistv5 – Published: 2020-04-29 00:00 – Updated: 2025-10-21 23:35
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Field | Value |
|---|---|
| CWEs | CWE-79 |
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | JQuery |
| Due Date | 2025-02-13 |
| Date Added | 2025-01-23 |
| Vendor/Project | JQuery |
| Vulnerability Name | JQuery Cross-Site Scripting (XSS) Vulnerability |
| Known Ransomware Campaign Use | Unknown |
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-23T21:07:47.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37"
},
{
"name": "DSA-4693",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"name": "FEDORA-2020-36d2db5f51",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
},
{
"name": "openSUSE-SU-2020:1060",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"name": "GLSA-202007-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"name": "openSUSE-SU-2020:1106",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"name": "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "FEDORA-2020-fbb94073a1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
},
{
"name": "FEDORA-2020-0b32a59b54",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
},
{
"name": "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E"
},
{
"name": "FEDORA-2020-fe94df8c34",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
},
{
"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1888",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023 (#64)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.5.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11023",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T18:07:17.892570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-01-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:45.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-23T00:00:00.000Z",
"value": "CVE-2020-11023 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jQuery",
"vendor": "jquery",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.3, \u003c 3.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:42.262Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "DSA-4693",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"name": "FEDORA-2020-36d2db5f51",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"
},
{
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
},
{
"name": "openSUSE-SU-2020:1060",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"name": "GLSA-202007-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"name": "openSUSE-SU-2020:1106",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"name": "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "FEDORA-2020-fbb94073a1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
},
{
"name": "FEDORA-2020-0b32a59b54",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
},
{
"name": "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E"
},
{
"name": "FEDORA-2020-fe94df8c34",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
},
{
"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1888",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E"
},
{
"name": "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023 (#64)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E"
},
{
"name": "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.5.0 is vulnerable to CVE-2020-11023",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"source": {
"advisory": "GHSA-jpcq-cgw6-v4j6",
"discovery": "UNKNOWN"
},
"title": "Potential XSS vulnerability in jQuery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11023",
"datePublished": "2020-04-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:45.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2020-11023",
"cwes": "[\"CWE-79\"]",
"dateAdded": "2025-01-23",
"dueDate": "2025-02-13",
"knownRansomwareCampaignUse": "Unknown",
"notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 ; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"product": "JQuery",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery\u0027s DOM manipulators can execute untrusted code in the context of the user\u0027s browser.",
"vendorProject": "JQuery",
"vulnerabilityName": "JQuery Cross-Site Scripting (XSS) Vulnerability"
},
"epss": {
"cve": "CVE-2020-11023",
"date": "2026-06-02",
"epss": "0.3466",
"percentile": "0.97094"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11023\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-04-29T21:15:11.743\",\"lastModified\":\"2025-11-07T19:32:52.023\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\"},{\"lang\":\"es\",\"value\":\"En jQuery versiones mayores o iguales a 1.0.3 y anteriores a la versi\u00f3n 3.5.0, passing HTML contiene elementos de fuentes no seguras \u2013 incluso despu\u00e9s de sanearlo \u2013 para uno de los m\u00e9todos de manipulaci\u00f3n de jQuery \u00b4s DOM ( i.e. html t(), adjunto (), y otros ) podr\u00edan ejecutar c\u00f3digos no seguros. Este problema est\u00e1 corregido en JQuery 
3.5.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2025-01-23\",\"cisaActionDue\":\"2025-02-13\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"JQuery Cross-Site Scripting (XSS) 
Vulnerability\",\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.3\",\"versionEndExcluding\":\"3.5.0\",\"matchCriteriaId\":\"1888A4D3-5058-41FC-9F3B-E837CFC0505C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.70\",\"matchCriteriaId\":\"70C672EE-2027-4A29-8C14-3450DEF1462A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndExcluding\":\"8.7.14\",\"matchCriteriaId\":\"BBFE42E2-6583-4EBE-B320-B8CF9CA0C3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndExcluding\":\"8.8.6\",\"matchCriteriaId\":\"7BA49DB0-ECC3-4155-B76C-0CA292600DE6\"}]}]},{\"nodes\
":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.2\",\"matchCriteriaId\":\"96FC5AC6-88AC-4C4D-8692-7489D6DE8E16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndIncluding\":\"2.8.0\",\"matchCriteriaId\":\"660DB443-6250-4956-ABD1-C6A522B8DCCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndIncluding\":\"2.10.0\",\"matchCriteriaId\":\"3625D477-1338-46CB-90B1-7291D617DC39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ECE8F5F-4417-4412-B857-F1ACDEED4FC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B602F9E8-1580-436C-A26D-6E6F8121A583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D98C27-734F-490B-92D5-251805C841B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.4.0\",\"matchCriteriaId\":\"1A0E3537-CB5A-40BF-B42C-CED9211B8892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C57FD3A-0CC1-4BA9-879A-8C4A40234162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2
.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"698FB6D0-B26F-4760-9B9B-1C65FBFF2126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1\",\"versionEndIncluding\":\"6.4\",\"matchCriteriaId\":\"324821D1-6A7A-4D46-A1C5-03D688F7A32A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndIncluding\":\"4.3\",\"matchCriteriaId\":\"9264AF8A-3819-40E5-BBCB-3B6C95A0D828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB43DFD4-D058-4001-BD19-488E059F4532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086E2E5C-44EB-4C07-B298-C04189533996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA77B994-3872-4059-854B-0974AA5593D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5682DAEB-3810-4541-833A-568C868BCE0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BC9AED-F81D-4344-AD97-EEF19B6EA8C7\"},{\"vulnerable\":t
rue,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8198E762-9AD9-452B-B1AF-516E52436B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CCE1968-016C-43C1-9EE1-FD9F978B688F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52893362-272A-4AED-9167-6613C2E86385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1F726C6-EA5A-40FF-8809-4F48E4AE6976\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD7C26E3-BB0D-4218-8176-319AEA2925C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD67072F-3CFC-480D-9360-81A05D523318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652E762A-BCDD-451E-9DE3-F1555C1E4B16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6675A3-684B-4486-A451-C6688F1C821B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.0\",\"matchCriteriaId\":\"3D4EF35F-B239-4820-936F-0FA51DECA8A2\"},{\"vulnerable\":true,\"criteri
a\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.0\",\"matchCriteriaId\":\"ABEF6749-518B-4D0F-8EA6-40E9FBE4CE0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.41\",\"matchCriteriaId\":\"61B4D874-CCF2-4C78-A823-69A62FA1F6C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0502309-C0D6-4530-9D92-F10B3B36DE14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.2\",\"versionEndIncluding\":\"16.2.11\",\"matchCriteriaId\":\"1CB8F81A-D028-4258-9A4F-ADEE25BE95FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.7\",\"matchCriteriaId\":\"E4AA3854-C9FD-4287-85A0-EE7907D1E1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.9\",\"matchCriteriaId\":\"E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.4\",\"matchCriteriaId\":\"69112C56-7747-4E11-A938-85A481529F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"36FC547E-861A-418C-A314-DA09A457B13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"DF9FEE51-50E3-41E9-AA0D-272A640F85CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"E69E905F-2E1A-4462-9082-FF7B10474496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:18c:*:*
:*:-:*:*:*\",\"matchCriteriaId\":\"0F9B692C-8986-4F91-9EF4-2BB1E3B5C133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"C5F4C40E-3ABC-4C59-B226-224262DCFF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20.12\",\"matchCriteriaId\":\"2FF424F8-E15C-415D-A170-EC6450F35282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7737E073-B46E-456E-807C-FBEA43872A33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D551CAB1-4312-44AA-BDA8-A030817E153A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"174A6D2E-E42E-4C92-A194-C6A820CD7EF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"cr
iteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*
:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*\",\"matchCriteriaId\":\"E8F29E19-3A64-4426-A2AA-F169440267CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B199052-5732-4726-B06
B-A12C70DFB891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93821CF-3117-4763-8163-DD49F6D2CA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD1FCB0D-3E19-4461-9330-4D7F02972A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndIncluding\":\"3.1.3\",\"matchCriteriaId\":\"B9273745-6408-4CD3-94E8-9385D4F5FE69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E788440A-02B0-45F5-AFBC-7109F3177033\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.9\",\"matchCriteriaId\":\"4ACF85D6-6B45-43DA-9C01-F0208186F014\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party 
Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jquery.com/upgrade-guide/3.5/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-03\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200511-0006/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4693\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2020-002\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-02\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-10\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jquery.com/upgrade-guide/3.5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing 
List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200511-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2020-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4693\", \"name\": \"DSA-4693\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\", \"name\": \"FEDORA-2020-36d2db5f51\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jquery.com/upgrade-guide/3.5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200511-0006/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.drupal.org/sa-core-2020-002\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\", \"name\": \"openSUSE-SU-2020:1060\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-03\", \"name\": \"GLSA-202007-03\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\", \"name\": \"openSUSE-SU-2020:1106\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate 
CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E\", \"name\": \"[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", 
\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\", \"name\": \"FEDORA-2020-fbb94073a1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\", \"name\": \"FEDORA-2020-0b32a59b54\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E\", \"name\": \"[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) 
Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\", \"name\": \"FEDORA-2020-fe94df8c34\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E\", \"name\": \"[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\", \"name\": \"openSUSE-SU-2020:1888\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, 
{\"url\": \"https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E\", \"name\": \"[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023 (#64)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.5.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\", \"name\": \"[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-02\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": 
[\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"name\": \"[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-01-23T21:07:47.681Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-11023\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-23T18:07:17.892570Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-01-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-01-23T00:00:00.000Z\", \"value\": \"CVE-2020-11023 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-23T18:07:28.808Z\"}}], \"cna\": {\"title\": \"Potential XSS vulnerability in jQuery\", \"source\": {\"advisory\": \"GHSA-jpcq-cgw6-v4j6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N\", 
\"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"jquery\", \"product\": \"jQuery\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.3, \u003c 3.5.0\"}]}], \"references\": [{\"url\": \"https://www.debian.org/security/2020/dsa-4693\", \"name\": \"DSA-4693\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\", \"name\": \"FEDORA-2020-36d2db5f51\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\"}, {\"url\": \"https://jquery.com/upgrade-guide/3.5/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200511-0006/\"}, {\"url\": \"https://www.drupal.org/sa-core-2020-002\"}, {\"url\": \"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\"}, {\"url\": \"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\", \"name\": \"openSUSE-SU-2020:1060\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-03\", \"name\": \"GLSA-202007-03\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\", \"name\": \"openSUSE-SU-2020:1106\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E\", \"name\": \"[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery 
version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\", \"name\": \"FEDORA-2020-fbb94073a1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": 
\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\", \"name\": \"FEDORA-2020-0b32a59b54\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E\", \"name\": \"[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E\", \"name\": \"[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E\", \"name\": \"[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\", \"name\": \"FEDORA-2020-fe94df8c34\", \"tags\": [\"vendor-advisory\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\"}, {\"url\": \"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E\", \"name\": \"[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\", \"name\": \"openSUSE-SU-2020:1888\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, 
{\"url\": \"https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E\", \"name\": \"[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 \u003c jQuery \u003c3.4.0 is vulnerable to CVE-2020-11023 (#64)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E\", \"name\": \"[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 \u003c jQuery \u003c3.5.0 is vulnerable to CVE-2020-11023\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\"}, {\"url\": 
\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\", \"name\": \"[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", 
\"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\"}, {\"url\": \"https://www.tenable.com/security/tns-2021-10\"}, {\"url\": \"https://www.tenable.com/security/tns-2021-02\"}, {\"url\": \"http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html\"}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\"}, {\"url\": \"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"name\": \"[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-08-31T02:06:42.262Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-11023\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:45.230Z\", \"dateReserved\": \"2020-03-30T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2020-04-29T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
OPENSUSE-SU-2020:1060-1
Vulnerability from csaf_opensuse - Published: 2020-07-25 18:21 - Updated: 2020-07-25 18:21
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.13-11.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine fixes the following issues:\n\n- cacti 1.2.13:\n\n * Query XSS vulnerabilities require vendor package update\n (CVE-2020-11022 / CVE-2020-11023)\n * Lack of escaping on some pages can lead to XSS exposure\n * Update PHPMailer to 6.1.6 (CVE-2020-13625)\n * SQL Injection vulnerability due to input validation failure when\n editing colors (CVE-2020-14295, boo#1173090)\n * Lack of escaping on template import can lead to XSS exposure\n\n- switch from cron to systemd timers (boo#1115436):\n + cacti-cron.timer\n + cacti-cron.service\n- avoid potential root escalation on systems with fs.protected_hardlinks=0\n (boo#1154087): handle directory permissions in file section instead\n of using chown during post installation\n- rewrote apache configuration to get rid of .htaccess files and \n explicitely disable directory permissions per default \n (only allow a limited, well-known set of directories)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1060",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1060-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1060-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VVPI65AW45TXMRAYCWJ6YJT3LF4GIMWL/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1060-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VVPI65AW45TXMRAYCWJ6YJT3LF4GIMWL/"
},
{
"category": "self",
"summary": "SUSE Bug 1115436",
"url": "https://bugzilla.suse.com/1115436"
},
{
"category": "self",
"summary": "SUSE Bug 1154087",
"url": "https://bugzilla.suse.com/1154087"
},
{
"category": "self",
"summary": "SUSE Bug 1173090",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11023 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13625 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14295 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14295/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2020-07-25T18:21:21Z",
"generator": {
"date": "2020-07-25T18:21:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1060-1",
"initial_release_date": "2020-07-25T18:21:21Z",
"revision_history": [
{
"date": "2020-07-25T18:21:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-8.1.aarch64",
"product": {
"name": "cacti-spine-1.2.13-8.1.aarch64",
"product_id": "cacti-spine-1.2.13-8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.13-11.1.noarch",
"product": {
"name": "cacti-1.2.13-11.1.noarch",
"product_id": "cacti-1.2.13-11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-8.1.ppc64le",
"product": {
"name": "cacti-spine-1.2.13-8.1.ppc64le",
"product_id": "cacti-spine-1.2.13-8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-8.1.s390x",
"product": {
"name": "cacti-spine-1.2.13-8.1.s390x",
"product_id": "cacti-spine-1.2.13-8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-8.1.x86_64",
"product": {
"name": "cacti-spine-1.2.13-8.1.x86_64",
"product_id": "cacti-spine-1.2.13-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.13-11.1.noarch as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-1.2.13-11.1.noarch"
},
"product_reference": "cacti-1.2.13-11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64"
},
"product_reference": "cacti-spine-1.2.13-8.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.13-8.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x"
},
"product_reference": "cacti-spine-1.2.13-8.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64"
},
"product_reference": "cacti-spine-1.2.13-8.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.13-11.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch"
},
"product_reference": "cacti-1.2.13-11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64"
},
"product_reference": "cacti-spine-1.2.13-8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.13-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x"
},
"product_reference": "cacti-spine-1.2.13-8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64"
},
"product_reference": "cacti-spine-1.2.13-8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.13-11.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch"
},
"product_reference": "cacti-1.2.13-11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64"
},
"product_reference": "cacti-spine-1.2.13-8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.ppc64le as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.13-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.s390x as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x"
},
"product_reference": "cacti-spine-1.2.13-8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-8.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
},
"product_reference": "cacti-spine-1.2.13-8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-25T18:21:21Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11023"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11023",
"url": "https://www.suse.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190660 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1190660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-25T18:21:21Z",
"details": "moderate"
}
],
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-13625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13625"
}
],
"notes": [
{
"category": "general",
"text": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13625",
"url": "https://www.suse.com/security/cve/CVE-2020-13625"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-13625",
"url": "https://bugzilla.suse.com/1173090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-25T18:21:21Z",
"details": "important"
}
],
"title": "CVE-2020-13625"
},
{
"cve": "CVE-2020-14295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14295"
}
],
"notes": [
{
"category": "general",
"text": "A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14295",
"url": "https://www.suse.com/security/cve/CVE-2020-14295"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-14295",
"url": "https://bugzilla.suse.com/1173090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.13-11.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.1:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.1:cacti-spine-1.2.13-8.1.x86_64",
"openSUSE Leap 15.2:cacti-1.2.13-11.1.noarch",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.aarch64",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.ppc64le",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.s390x",
"openSUSE Leap 15.2:cacti-spine-1.2.13-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-25T18:21:21Z",
"details": "important"
}
],
"title": "CVE-2020-14295"
}
]
}
OPENSUSE-SU-2020:1106-1
Vulnerability from csaf_opensuse - Published: 2020-07-27 21:28 - Updated: 2020-07-27 21:28

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine fixes the following issues:\n\n- cacti 1.2.13:\n\n * Query XSS vulnerabilities require vendor package update\n (CVE-2020-11022 / CVE-2020-11023)\n * Lack of escaping on some pages can lead to XSS exposure\n * Update PHPMailer to 6.1.6 (CVE-2020-13625)\n * SQL Injection vulnerability due to input validation failure when\n editing colors (CVE-2020-14295, boo#1173090)\n * Lack of escaping on template import can lead to XSS exposure\n\n- switch from cron to systemd timers (boo#1115436):\n + cacti-cron.timer\n + cacti-cron.service\n- avoid potential root escalation on systems with fs.protected_hardlinks=0\n (boo#1154087): handle directory permissions in file section instead\n of using chown during post installation\n- rewrote apache configuration to get rid of .htaccess files and \n explicitely disable directory permissions per default \n (only allow a limited, well-known set of directories)\n\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1106",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1106-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1106-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IXKYESUUIOBHBKL32YKWOWHSJKS7RN3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1106-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IXKYESUUIOBHBKL32YKWOWHSJKS7RN3/"
},
{
"category": "self",
"summary": "SUSE Bug 1115436",
"url": "https://bugzilla.suse.com/1115436"
},
{
"category": "self",
"summary": "SUSE Bug 1154087",
"url": "https://bugzilla.suse.com/1154087"
},
{
"category": "self",
"summary": "SUSE Bug 1173090",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11023 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13625 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14295 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14295/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2020-07-27T21:28:47Z",
"generator": {
"date": "2020-07-27T21:28:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1106-1",
"initial_release_date": "2020-07-27T21:28:47Z",
"revision_history": [
{
"date": "2020-07-27T21:28:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"product": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"product_id": "cacti-spine-1.2.13-bp151.4.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.13-bp151.4.12.1.noarch",
"product": {
"name": "cacti-1.2.13-bp151.4.12.1.noarch",
"product_id": "cacti-1.2.13-bp151.4.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"product": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"product_id": "cacti-spine-1.2.13-bp151.4.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-bp151.4.12.1.s390x",
"product": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.s390x",
"product_id": "cacti-spine-1.2.13-bp151.4.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.13-bp151.4.12.1.x86_64",
"product": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.x86_64",
"product_id": "cacti-spine-1.2.13-bp151.4.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.13-bp151.4.12.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch"
},
"product_reference": "cacti-1.2.13-bp151.4.12.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64"
},
"product_reference": "cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x"
},
"product_reference": "cacti-spine-1.2.13-bp151.4.12.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.13-bp151.4.12.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
},
"product_reference": "cacti-spine-1.2.13-bp151.4.12.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-27T21:28:47Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11023"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11023",
"url": "https://www.suse.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190660 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1190660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-27T21:28:47Z",
"details": "moderate"
}
],
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-13625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13625"
}
],
"notes": [
{
"category": "general",
"text": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13625",
"url": "https://www.suse.com/security/cve/CVE-2020-13625"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-13625",
"url": "https://bugzilla.suse.com/1173090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-27T21:28:47Z",
"details": "important"
}
],
"title": "CVE-2020-13625"
},
{
"cve": "CVE-2020-14295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14295"
}
],
"notes": [
{
"category": "general",
"text": "A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14295",
"url": "https://www.suse.com/security/cve/CVE-2020-14295"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-14295",
"url": "https://bugzilla.suse.com/1173090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:cacti-1.2.13-bp151.4.12.1.noarch",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.aarch64",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.ppc64le",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.s390x",
"SUSE Package Hub 15 SP1:cacti-spine-1.2.13-bp151.4.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-27T21:28:47Z",
"details": "important"
}
],
"title": "CVE-2020-14295"
}
]
}
OPENSUSE-SU-2020:1888-1
Vulnerability from csaf_opensuse - Published: 2020-11-09 19:24 - Updated: 2020-11-09 19:24
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for otrs",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for otrs fixes the following issues:\n\n- otrs was updated to 6.0.30 (OSA-2020-14 boo#1178434)\n - CVE-2020-11022, CVE-2020-11023: Vulnerability in third-party library - jquery\n OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting \n (XSS).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1888",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1888-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1888-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4QSMZXUNVYKSR2VDCHWASQTIS4WW2JC/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1888-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4QSMZXUNVYKSR2VDCHWASQTIS4WW2JC/"
},
{
"category": "self",
"summary": "SUSE Bug 1178434",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11023 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11023/"
}
],
"title": "Security update for otrs",
"tracking": {
"current_release_date": "2020-11-09T19:24:17Z",
"generator": {
"date": "2020-11-09T19:24:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1888-1",
"initial_release_date": "2020-11-09T19:24:17Z",
"revision_history": [
{
"date": "2020-11-09T19:24:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "otrs-6.0.30-bp152.2.11.1.noarch",
"product": {
"name": "otrs-6.0.30-bp152.2.11.1.noarch",
"product_id": "otrs-6.0.30-bp152.2.11.1.noarch"
}
},
{
"category": "product_version",
"name": "otrs-doc-6.0.30-bp152.2.11.1.noarch",
"product": {
"name": "otrs-doc-6.0.30-bp152.2.11.1.noarch",
"product_id": "otrs-doc-6.0.30-bp152.2.11.1.noarch"
}
},
{
"category": "product_version",
"name": "otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"product": {
"name": "otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"product_id": "otrs-itsm-6.0.30-bp152.2.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-6.0.30-bp152.2.11.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-doc-6.0.30-bp152.2.11.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-doc-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-itsm-6.0.30-bp152.2.11.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-6.0.30-bp152.2.11.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-doc-6.0.30-bp152.2.11.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-doc-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-itsm-6.0.30-bp152.2.11.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-6.0.30-bp152.2.11.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-doc-6.0.30-bp152.2.11.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-doc-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-itsm-6.0.30-bp152.2.11.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-6.0.30-bp152.2.11.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-doc-6.0.30-bp152.2.11.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-doc-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "otrs-itsm-6.0.30-bp152.2.11.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
},
"product_reference": "otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T19:24:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11023"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11023",
"url": "https://www.suse.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190660 for CVE-2020-11023",
"url": "https://bugzilla.suse.com/1190660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"SUSE Package Hub 15 SP2:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.1:otrs-itsm-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-doc-6.0.30-bp152.2.11.1.noarch",
"openSUSE Leap 15.2:otrs-itsm-6.0.30-bp152.2.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T19:24:17Z",
"details": "moderate"
}
],
"title": "CVE-2020-11023"
}
]
}
RHBA-2025:1079
Vulnerability from csaf_redhat - Published: 2025-02-24 03:42 - Updated: 2026-05-25 14:23
A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.13.4 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.13.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2025:1079",
"url": "https://access.redhat.com/errata/RHBA-2025:1079"
},
{
"category": "external",
"summary": "PROJQUAY-8577",
"url": "https://issues.redhat.com/browse/PROJQUAY-8577"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_1079.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Quay v3.13.4 bug fix release",
"tracking": {
"current_release_date": "2026-05-25T14:23:35+00:00",
"generator": {
"date": "2026-05-25T14:23:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2025:1079",
"initial_release_date": "2025-02-24T03:42:46+00:00",
"revision_history": [
{
"date": "2025-02-24T03:42:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T03:42:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:23:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"product_id": "quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"product_id": "quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"product_id": "quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.13.4-9"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.13.4-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"product_id": "quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.13.4-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"product_id": "quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"product": {
"name": "quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"product_id": "quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"product": {
"name": "quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"product_id": "quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"product_id": "quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"product": {
"name": "quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"product_id": "quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.13.4-9"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"product": {
"name": "quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"product_id": "quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.13.4-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le",
"product": {
"name": "quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le",
"product_id": "quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.13.4-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"product_id": "quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"product": {
"name": "quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"product_id": "quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"product": {
"name": "quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"product_id": "quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.13.4-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"product_id": "quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.13.4-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"product": {
"name": "quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"product_id": "quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.13.4-9"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"product": {
"name": "quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"product_id": "quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.13.4-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"product": {
"name": "quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"product_id": "quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.13.4-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x"
},
"product_reference": "quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le"
},
"product_reference": "quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le"
},
"product_reference": "quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x"
},
"product_reference": "quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le"
},
"product_reference": "quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x"
},
"product_reference": "quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le"
},
"product_reference": "quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x"
},
"product_reference": "quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x"
},
"product_reference": "quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le"
},
"product_reference": "quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T03:42:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:1079"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:0204fd4290da6989e8b28b57e99f4f92466b1f60b77b00347850f3b8c176d524_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:1341e9d89f30bb9e12e43563078c4fb7ef1319b00958f4d22985e0cbb519d50c_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2966a2534f8c4613495d73cd864f92c9d94ec173c57d955708f37e888fac23f6_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:8c2d03c9b14aa2d9bbcffade943c94237523f52ddce814caaf6b0578aae6b1ab_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:97beaa8ac6dc90529ded16c9dcf9c3362d42efaa95d84ed50b7be9dd59a9e578_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:b44cb8d8e099f31ee358f19574d54b449086ab1617c03cb41616dbd6e11994c5_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:1fa7b9904402ac996d9534351e784a25f27f08fc1e089a44c85d47431f368012_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f3941a45070ffdf9a9d6c12588bf4c33346fb600333dddb719ee0e435210a68_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:db7c6a49d4150957f0cfb10ce3902722d7d901f41962bf4b960fb7ddf93a9a98_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:8338e1d9da6ebcfa8ac9e93709d44d2c6b3052cec3c1c316d6c50fc85a73f1cb_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b14253a941535ea6b1a6fd060b3482f74dda955cd0afa1d86421ae6b2e1ff3d9_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:d45694397744073aaeb9e79e381b3dc3c13f163adf58cc16cfddebe033db80e2_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:7f9c67dbaa841f3a96c70e020f341141f046955b575cff3f9070a45eefddf12f_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:a27c1809b007085e59e8b9e15ec5fc55b5cfbdfcc23f5bba8ccf9ebd12a29562_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:c2e2addc62e0627fc82915fd59081a03773caae50c682f9169f9dcf131ae16e5_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:77a5960828a06b16f9ac13e70778b6d0b310a9087b793a05c95bd57474b77238_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:af4f196e63cc1e47a081d9f9f70f41b91983d86bdf1a4d5a0b9f2d8e573e2d5f_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:b5f8b35092db7d025a90613f3da0f7a72529181de54a08d7447bac24cb1e546d_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:44c2dd325e8f0ca3e6bc60566a573c70a7b6a086aaa7c34c059bb527e5b1d926_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:468820f558c151257ef219a0a38a21436817f6393767b22617dfc8a0f3276f7c_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:f08bbd7efc1137c3a3ff6f38488574b2a63c88f9071344eee43f5789babd2e1d_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:551ae88034a4ccd9051fd8e4c4ad26b3fc3b91a9794cd1d08bd8758eba4e7121_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cc8cf175183a488c50d0f2bb2aff91180d70722ea6cf39967e53092adac69ff_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d449ed97c243dcc9fa61b8e4fa818f108017c03da9ced0520ac356eee7e669c4_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:647fcb8dd13bd96aac49f07e5535b369347665bf53a0a9491245ec2f8c531935_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6ebb2498e2e9d70852e258739b8676d9928c68049c93318f2178eebac38b0ba5_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7c6d2001422a4a1e76aabc0d8f71e9fbe896bcbe22c55d3c3a6d6eb738065553_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:26f0ef7faca0671bfac32eea1a1b0036df90c9c41bbf49a7efab6c633a928091_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:906688d8356f1931370d1f864b88ba53a6755a9c82de6134846907ad0bae48e4_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:c66007a0049286bdd251715f40d13ea331c6778f3a089749746be26dc7dba334_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHBA-2025:1597
Vulnerability from csaf_redhat - Published: 2025-02-24 06:54 - Updated: 2026-05-25 14:23

A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64 | — | | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.10 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.10",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2025:1597",
"url": "https://access.redhat.com/errata/RHBA-2025:1597"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_1597.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Quay v3.9.10 bug fix release",
"tracking": {
"current_release_date": "2026-05-25T14:23:37+00:00",
"generator": {
"date": "2026-05-25T14:23:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2025:1597",
"initial_release_date": "2025-02-24T06:54:10+00:00",
"revision_history": [
{
"date": "2025-02-24T06:54:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T06:54:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:23:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"product_id": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.9.10-7"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.9.10-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.9.10-7"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.9.10-4"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"product_id": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.9.10-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.9.10-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.9.10-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"product_id": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.9.10-16"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.9.10-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64",
"product_id": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.9.10-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T06:54:10+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:1597"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHBA-2025:1598
Vulnerability from csaf_redhat - Published: 2025-02-24 03:44 - Updated: 2026-05-25 14:23

A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.8 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.8",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2025:1598",
"url": "https://access.redhat.com/errata/RHBA-2025:1598"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_1598.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Quay v3.12.8 bug fix release",
"tracking": {
"current_release_date": "2026-05-25T14:23:39+00:00",
"generator": {
"date": "2026-05-25T14:23:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2025:1598",
"initial_release_date": "2025-02-24T03:44:11+00:00",
"revision_history": [
{
"date": "2025-02-24T03:44:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T03:44:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:23:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"product_id": "quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.12.8-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"product": {
"name": "quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"product_id": "quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.12.8-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"product": {
"name": "quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"product_id": "quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"product_id": "quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"product": {
"name": "quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"product_id": "quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.12.8-4"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"product": {
"name": "quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"product_id": "quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.12.8-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"product": {
"name": "quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"product_id": "quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.12.8-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"product_id": "quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.12.8-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"product": {
"name": "quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"product_id": "quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.12.8-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"product": {
"name": "quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"product_id": "quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"product_id": "quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"product": {
"name": "quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"product_id": "quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.12.8-4"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"product": {
"name": "quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"product_id": "quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.12.8-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x",
"product": {
"name": "quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x",
"product_id": "quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.12.8-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"product_id": "quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.12.8-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.12.8-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"product_id": "quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.12.8-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"product_id": "quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.12.8-4"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.12.8-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"product_id": "quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.12.8-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x"
},
"product_reference": "quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le"
},
"product_reference": "quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x"
},
"product_reference": "quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le"
},
"product_reference": "quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le"
},
"product_reference": "quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x"
},
"product_reference": "quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x"
},
"product_reference": "quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le"
},
"product_reference": "quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le"
},
"product_reference": "quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x"
},
"product_reference": "quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"8Base-Quay-3:quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T03:44:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"8Base-Quay-3:quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:1598"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"8Base-Quay-3:quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:8c4dc7ffe59ab71bafc90e57b4c8f31879e18127d7c688ad13fc74b218b81b90_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:bf9818512c7fe88272fb8f7fc4a255d6bc5e3842582e4fd891558a89d406d8e9_ppc64le",
"8Base-Quay-3:quay/clair-rhel8@sha256:cdda23eec3cf0caf153089fb59be85ecaa50a3918ef78e0f11892045f9918ef3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:5a20c2d291a56f0d660071f7d4636ca0bbcf094e9cc4380e64901fcf49e30ea8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:689ff61a796a64d8c00aa430f34ffcceed2d89a3a3cc087b805f1fae33e80ea6_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:9b37ea0b977e20326facc581b6980b187cfc0d5e5ed6eb1e6a6c8794321ec994_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8f7ea21b962abb00500141db4abf43d7c80ed585cbddcbe37c491bdbca1690d7_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:bdda4ec419724ce68af416eaebb2b6e4be16ea2c33595be506cf2fd5beef4056_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:fd0d3139530d2a99a3e053d07266d14dccd73ac18e7ef073619de415069520dd_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:af6a7a92aa23a114da79903c205499c3843de181c8fab0195fb6c5d493fa1168_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:b91aec3d3f9cf8a4204e6e13e27035802693a8517b14e59db2535fe789e7a33e_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bfc9435099f0b0cde9b43df3982b6164e08bdf7dc0691af197555f029cf78563_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:6fdbffa2ddf6f5ede8c00755c5d6f57c494ddea63b59f6e288dc5217c7d81050_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:edaa246672ae95f8a7c7fa00ec6aade33204ff37128cdec7b390c0d8f6573f13_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:f86fda437718ae80028a49aa919790ea19dabc38f8d41431a4366ae5001e46e9_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:4ea1ef2482482789b30017f5221d7f64875e5550664da63098c8151a51bd3ede_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c81af92a6092273dea45a9dee56bbb8a246b566402497b1746fa4817a3cece39_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:d8039e2970871d4d252f38d18587a5a7f0cdee34cceb15645e52f37b8d943f59_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:46322de9eeb0681da5ab4d83432ce7a8791ae604e59ec162fcf96319cc248d02_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:5d63f41839d712a348c91d7a90593ba332cab8e77f2238cc885792af9b45e89a_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:6a5acdbb57f870efddfb93095522c3640f9ad6256c54a20f4790874d13322560_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:6cea661a5c6e0a5927b3a5a06129fc03e6678132faf9e3da5f498d8457fb2211_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:a91bb0d5e3becd59cadf51d323d1063ff675d277f9dfc7670570b1754badfacb_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:ea077de1039e87e20f699ab2a68fa4f825898f7164bf071cc9404653789e352f_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0702ae5634f99cb0775acdf0c9173a2a119816dd4e593462a9b0573ace330e2b_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:9659a3fe53bbf44d60fea61c970daa8356f27b0a9bba4233157c5856cc338a6b_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:ee4755634f7be2e4a68ef4ae4d89cde8964d1ea62fa233b10f7456ff82cbe9fc_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:1a839e21cba19ea055e39f944620264bacb434fb1b6f2120fc3b8d7c3a29aae0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:ab2aac7247b0d75e6fcd2e5788067cf9130075c93c917da8145e5b1629d96d72_ppc64le",
"8Base-Quay-3:quay/quay-rhel8@sha256:e0dd2dcd0b89ba9969136ae3ae5df87fe22e061031f1d1bd1b260782a7069ea7_s390x"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHBA-2025:1599
Vulnerability from csaf_redhat - Published: 2025-02-24 04:06 - Updated: 2026-05-25 14:23
A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.11.9 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.11.9",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2025:1599",
"url": "https://access.redhat.com/errata/RHBA-2025:1599"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_1599.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Quay v3.11.9 bug fix release",
"tracking": {
"current_release_date": "2026-05-25T14:23:40+00:00",
"generator": {
"date": "2026-05-25T14:23:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2025:1599",
"initial_release_date": "2025-02-24T04:06:56+00:00",
"revision_history": [
{
"date": "2025-02-24T04:06:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T04:06:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:23:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"product_id": "quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.11.9-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"product": {
"name": "quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"product_id": "quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.11.9-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"product": {
"name": "quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"product_id": "quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"product_id": "quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"product": {
"name": "quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"product_id": "quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.11.9-8"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"product": {
"name": "quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"product_id": "quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"product": {
"name": "quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"product_id": "quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.11.9-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"product_id": "quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.11.9-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"product": {
"name": "quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"product_id": "quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.11.9-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"product": {
"name": "quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"product_id": "quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"product_id": "quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"product": {
"name": "quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"product_id": "quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.11.9-8"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"product": {
"name": "quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"product_id": "quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le",
"product": {
"name": "quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le",
"product_id": "quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.11.9-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"product_id": "quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.11.9-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.11.9-3"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"product_id": "quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"product_id": "quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.11.9-8"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.11.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"product_id": "quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.11.9-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x"
},
"product_reference": "quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le"
},
"product_reference": "quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le"
},
"product_reference": "quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x"
},
"product_reference": "quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x"
},
"product_reference": "quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le"
},
"product_reference": "quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le"
},
"product_reference": "quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x"
},
"product_reference": "quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x"
},
"product_reference": "quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le"
},
"product_reference": "quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T04:06:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:1599"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:222ccf497cd725a8a519bf5bb70114aaaeae202ab6261773de68739f8288e5a9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:312ea2faf145194b69cdedfe8c889db88c3522e39b34df375b10a50b606e5f67_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:fdd0128c0b0a6092b75ca1019a8a0acc19aba085ff52f33befdc62677f05dab8_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:342df26dec42be016f35f5cdea13ab67dfb431d200f96ab4073170207f916fb9_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:a211e80601adefb01aa19f50882bf5dddafc21bd35c47c4d4e044172bd70cbe4_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:f255b26a3e2156e2bdd1877ab2e2bf6c98e8cbafed05fa307aa8b52c04d091b1_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:10630145c20a6e142b4a49ca42990467f6378e1832985df5c9c4f1deefeb5ad0_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:81ff35e4cc924a4136abf7299395877a784e2fa181e481efe3340712626144c3_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:55c3cfa5a04215f29b1497a84ce38bed48ec335f0c1ee14adda129e360709a15_ppc64le",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:7c619cc603d57e44d861856c5162e84923d87787c17613857e8d51f3ef4050c3_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:bab6d6b27ad3ed42bc816af7e5253fd9be45c13b4d272008593271e569e2c8fa_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:5f81ddef9a2437c724d293b3accd3ca0187e2c3d409257d39b7f1dbdfdb1b47e_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:76284d20210b23e0bd924fcd87090257896ba77a8dcdab1a01564982db444664_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:9b540206059435c7ff3ab298bec1e84d779894842b5c678a0c1773547548a1fa_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:03eee647fc3ebd47a6883b72d7000d8e6b7632ed76dd416de1ec67f36de23cb2_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:7a9781bf54a72ea7cf61965043a0fdce7c5f1e5cbd9bfbd1203c94510c4e96b8_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:c5432bdaf5a4f76d8bbe1e0f15f68d55aef859b373373a4128062808792e1ef9_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:2dfaef2d69f72a3efe4ad941f29da00258a18b88aaeb3435afe4c78fceddf847_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:3987efeb2b67b08b078ede3772ea302369ef7ac7bd2f7f8830274acf96e48f26_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:87a61f2a4a1fedf6df76829ac3ada602136c3252ba8c6ca08023bd5afab165ad_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:03d6966a76dc2caf6e9cfc009342be32fa9824e6f191ce5b19fcbe5fb45c2ffb_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7abf56ac447f36f85b0c3da70cca5c85826241b2fbcef9abc7ed734cf993e574_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:eb72dbb111fb0488643bd09b451e6e884c2af236dcad2863ab5be873d50573a6_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:238b10259a1a84c5782f296d01ac83a5e6a80a61374567ccfeded07bca1e22c1_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:6247ee46a1499030df1fb53bb4bb7247cf320f69aa5df0fe0e0e1b5757348b19_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7cc512e89aaaacde997a4908e52f33173f0f3e4178f6449572d49da8b50e10d6_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:4964472329ea4d13842732a2de187443a1f383928041044d5621219912440d65_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:6bfe9f567cd30744104c7481a1af5c16f5861fe5617053a66a686218e351aca5_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:e70a526be79ce6188d1bac292b28abbad9f417312d5057ad88982ca6d665b987_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHBA-2025:1600
Vulnerability from csaf_redhat - Published: 2025-02-24 04:48 - Updated: 2026-05-25 14:23

A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.9 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.9",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2025:1600",
"url": "https://access.redhat.com/errata/RHBA-2025:1600"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_1600.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Quay v3.10.9 bug fix release",
"tracking": {
"current_release_date": "2026-05-25T14:23:41+00:00",
"generator": {
"date": "2026-05-25T14:23:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2025:1600",
"initial_release_date": "2025-02-24T04:48:51+00:00",
"revision_history": [
{
"date": "2025-02-24T04:48:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T04:48:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:23:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"product_id": "quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"product": {
"name": "quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"product_id": "quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.10.9-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"product": {
"name": "quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"product_id": "quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"product_id": "quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"product": {
"name": "quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"product_id": "quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.10.9-4"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"product": {
"name": "quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"product_id": "quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le",
"product": {
"name": "quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le",
"product_id": "quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.10.9-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"product_id": "quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.10.9-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"product_id": "quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"product_id": "quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.10.9-4"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"product_id": "quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.10.9-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"product_id": "quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"product": {
"name": "quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"product_id": "quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.10.9-2"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"product": {
"name": "quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"product_id": "quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"product_id": "quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"product": {
"name": "quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"product_id": "quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.10.9-4"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"product": {
"name": "quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"product_id": "quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.10.9-1"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"product": {
"name": "quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"product_id": "quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.10.9-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x"
},
"product_reference": "quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le"
},
"product_reference": "quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le"
},
"product_reference": "quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x"
},
"product_reference": "quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x"
},
"product_reference": "quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le"
},
"product_reference": "quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x"
},
"product_reference": "quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le"
},
"product_reference": "quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x"
},
"product_reference": "quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le"
},
"product_reference": "quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T04:48:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:1600"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/clair-rhel8@sha256:1557acebfe258f88c6a5890dd9b830943bf4a3be6834b0fbf0d2c9f32e40bab9_s390x",
"8Base-Quay-3:quay/clair-rhel8@sha256:2c2ecd3f49a8645eca1c4708e3c4e0e0771734b12e33d6cd6428d8a1ccc38719_amd64",
"8Base-Quay-3:quay/clair-rhel8@sha256:c20ba1c658aaf803713a50eefdc88fbefa64294287aa7474e72916a9d8000a5a_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:02ca9f9006d62fd5549b7b17dff959a544d3561e19888bbadc9c83ec2366253a_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:c5ba386cc65a303e5fcb76a407c5b47ec98e76b411e31f3498c3ec58d7653192_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:dc892f7daf2e323d55ab7611738cf3e66e41fed377cbfb7cbc8758df8a2d36b7_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:22fcdc241bb49a88fb0384d09da023db070fae05eec6e37f7b4f52e4cdc35dab_ppc64le",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:437068f5ae4cd5ffc3628a08be850177e213f6e876286aab3630af9f83e3e9b1_s390x",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:a078bb2fa0842ccbc40d26572f6b79beb78e9fb602c99c4bb6bca53040fce04f_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:294b33b88cda984cea4e86ffa86bc56ea163c741d0c429fc95523e7ce3e289cd_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:48a2e4ce23e51c3196cfaf781b4419fb0939838776df046db062a075e103410f_s390x",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:757b31e1d202243bf243b5d4e6e4785b2f37a603f24f568fbb604ba5a957e78c_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:3996e8ef02ed9b6cedf9bc8d6f25d3972d3558652613490013fe64b64331a22d_ppc64le",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:937819ced9bd302aae3d048a470d50475b2e4c34347a4ff1c83843fda71ffe7f_s390x",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:bd60fd0dd4339f532af75f47b2fef45f5d859bec19727a72425aae148715c4ab_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:a6980f2d188b32ab0d9f78b471ded0c2c2b1f58746a4890a880dc6b9f257a2d0_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e31825f0461cb54e6d21c36cb6bbbb8fbeb61943c459184836653a3a850a4089_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:e322a843ea4578b7c24ee6486cb8cc430db4f22588b071f99522c42d5cca29ec_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:026ffd6c71975c0e58a498508a5512979d241aaf6ae56588094c48cf78bf52d7_s390x",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:64ce86fb690eef8d8a0896fa44b6292401222592ced1978ffb2450c9727fc50a_ppc64le",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:86f789197043c3acc481883a7abe70ec22ce9e1acc98ca2dc51a97d54fb2d992_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:4e5d9a6fe8e10dacf7b65f752b5d84bec38d707cba8bd95513fe7c9de7c75c47_s390x",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:5685b4aa856ac7c2c9d434ad96fa55981f4bae45a4eaa4747b34752b4454ef49_ppc64le",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:d4f2c24ed74f76af477427b7bb7159d08f480fa9890cb1227307b286c9be2771_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:67737aa0e08a5d8a9ee40cc08d00c6d8211b583c5936e9a426f6a5f625b184aa_s390x",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:d2b310ddc6c5d000234c8d8ac1c9e993c2de49426c251d36077c504a51ab9460_ppc64le",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:e1d90bda5bed0ede104b699e42fb69eae32cd2bf786c0864626b8fbb6a311dcf_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:092d1d030ba909855a3de504e0373fc9cbf6d74dd5dca3f94b151e5c3ce4d6ff_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:59bec1f6dee73acd7e2df63feb1f577dc8e9c391fe5b18b3c1535f2fa4cbbae9_s390x",
"8Base-Quay-3:quay/quay-rhel8@sha256:fa3ce51dede997f0b0c71bf8c26f3f97c6fd4130d47abba770d3ad122f78fe2d_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHSA-2020:2412
Vulnerability from csaf_redhat - Published: 2020-07-13 17:22 - Updated: 2026-06-02 17:25
A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — |
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | | Workaround |
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — |
A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — |
A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — |
A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — | | Workaround |
A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — |
A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 | — | | Workaround |
| Unresolved product id: 7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 | — | | Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Container Platform 4.5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\n* kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n* js-jquery: prototype pollution in object\u0027s prototype led to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n* containernetworking/plugins: IPv6 router advertisements allowed for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2412",
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1804533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
},
{
"category": "external",
"summary": "1819486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819486"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1833220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833220"
},
{
"category": "external",
"summary": "1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2412.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.5 container image security update",
"tracking": {
"current_release_date": "2026-06-02T17:25:44+00:00",
"generator": {
"date": "2026-06-02T17:25:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2020:2412",
"initial_release_date": "2020-07-13T17:22:28+00:00",
"revision_history": [
{
"date": "2020-07-13T17:22:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-13T17:22:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:25:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.5",
"product": {
"name": "Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"product": {
"name": "openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"product_id": "openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.5.0-202007012112.p0"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"product": {
"name": "openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"product_id": "openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-multus-cni\u0026tag=v4.5.0-202007012112.p0"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64",
"product": {
"name": "openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64",
"product_id": "openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-oauth-server-rhel7\u0026tag=v4.5.0-202007012112.p0"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"product_id": "openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.5.0-202007012112.p0"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"product": {
"name": "openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"product_id": "openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-console\u0026tag=v4.5.0-202007012112.p0"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"product": {
"name": "openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"product_id": "openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-hyperkube\u0026tag=v4.5.0-202007100518.p0"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"product": {
"name": "openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"product_id": "openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-machine-approver\u0026tag=v4.5.0-202007012112.p0"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64"
},
"product_reference": "openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64"
},
"product_reference": "openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
},
"product_reference": "openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64"
},
"product_reference": "openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64"
},
"product_reference": "openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64 as a component of Red Hat OpenShift Container Platform 4.5",
"product_id": "7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
},
"product_reference": "openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11252",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2020-07-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860158"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) included the upstream patch for this flaw in the release of version 4.5. Prior versions are affected as OCP 4 supports AzureFile volumes and OCP 3 supports both AzureFile and CephFS volumes. OCP clusters not using these volume types are not vulnerable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11252"
},
{
"category": "external",
"summary": "RHBZ#1860158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11252",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11252"
}
],
"release_date": "2020-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes"
},
{
"cve": "CVE-2019-11254",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819486"
}
],
"notes": [
{
"category": "description",
"text": "The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Denial of service in API server via crafted YAML payloads by authorized users",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The upstream Kubernetes fix for this vulnerability is to update the version of the Go dependency, gopkg.in/yaml.v2. This issue affects OpenShift Container Platform components that use versions before 2.2.8 of gopkg.in/yaml.v2 and accept YAML payloads.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11254"
},
{
"category": "external",
"summary": "RHBZ#1819486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11254"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc"
}
],
"release_date": "2020-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
},
{
"category": "workaround",
"details": "Prevent unauthenticated or unauthorized access to the API server",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Denial of service in API server via crafted YAML payloads by authorized users"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Yuval Avrahami",
"Ariel Zelivansky"
],
"organization": "Palo Alto Networks",
"summary": "Acknowledged by upstream."
},
{
"names": [
"J\u00e1nos K\u00f6v\u00e9r"
],
"organization": "Ericsson",
"summary": "Acknowledged by upstream."
},
{
"names": [
"Rory McCune"
],
"organization": "NCC Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8558",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"discovery_date": "2020-05-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843358"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: node localhost services reachable via martian packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform does not expose the API server on a localhost port without authentication. The only service exposed on a localhost port not protected by authentication is Metrics, which exposes some cluster metadata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8558"
},
{
"category": "external",
"summary": "RHBZ#1843358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE"
}
],
"release_date": "2020-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: node localhost services reachable via martian packets"
},
{
"cve": "CVE-2020-9283",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2020-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1804533"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9283"
},
{
"category": "external",
"summary": "RHBZ#1804533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
"url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
}
],
"release_date": "2020-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic"
},
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Etienne Champetier"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-10749",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"discovery_date": "2020-05-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1833220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending \u201crogue\u201d IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform 4, the default network plugin, OpenShift SDN, and OVN Kubernetes, do not forward IPv6 traffic, making this vulnerability not exploitable. The affected code from containernetworking/plugins is however still included in these plugins, hence this vulnerability is rated Low for both OpenShift SDN and OVN-Kubernetes.\n\nIPv6 traffic is not forwarded by the OpenShift SDN in OpenShift Container Platform 3.11, making this vulnerability not exploitable. However, the affected code from containernetworking/plugins is still included in the atomic-openshift package, hence this vulnerability is rated Low for OpenShift Container Platform 3.11.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10749"
},
{
"category": "external",
"summary": "RHBZ#1833220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10749"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"
}
],
"release_date": "2020-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
},
{
"category": "workaround",
"details": "Prevent untrusted, non-privileged containers from running with CAP_NET_RAW.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-13T17:22:28+00:00",
"details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-capacity@sha256:d5e08d20c26a06ba87da356e9d2214b3c2a9b0f95b7e38028afbd8bb48b1ca92_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-logging-operator@sha256:ba8d0825e4a292d16eae81a02bc24bb069ed547e9d1910449746cf0a643d2fe2_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-cluster-machine-approver@sha256:42c4d1b8d4597b6d36f0d38579484bfeae16bbbdcf08801405ee19e6758a361d_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-console@sha256:9b3eae3982cbfe287635f85a3eecf9aabdb233d3e6c8df725190e214d4521034_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-hyperkube@sha256:4e2b3627fe571bc63d57290cf96b914d45ebe2e0efe0b14bd3530fd34e7b288c_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-multus-cni@sha256:2a2674e5f2422cb2f1c61299cbd5a72576161d12707f86b5131e46c13d5f33e3_amd64",
"7Server-RH7-RHOSE-4.5:openshift4/ose-oauth-server-rhel7@sha256:143209653c725c16da6312e1cc7cc1a8c6ac634aee1eb6d5d52c31244cadc6df_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
RHSA-2020:2813
Vulnerability from csaf_redhat - Published: 2020-07-02 13:21 - Updated: 2026-05-25 14:23
A flaw was found in Keycloak, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
CWE-732 - Incorrect Permission Assignment for Critical Resource
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix; Workaround |
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in Keycloak's data filter, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix; Workaround |
A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix |
A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Single Sign-On 7.4.1 (Red Hat / Red Hat Single Sign-On) | cpe:/a:redhat:jboss_single_sign_on:7.4 | — | Vendor Fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.1 serves as a replacement for Red Hat Single Sign-On 7.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: verify-token-audience support is missing in the NodeJS adapter (CVE-2020-1694)\n\n* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)\n\n* js-jquery: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* js-jquery: jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697) (CVE-2020-10748)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2813",
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"category": "external",
"summary": "1705975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705975"
},
{
"category": "external",
"summary": "1790759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "1836786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836786"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2813.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.1 security update",
"tracking": {
"current_release_date": "2026-05-25T14:23:43+00:00",
"generator": {
"date": "2026-05-25T14:23:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2020:2813",
"initial_release_date": "2020-07-02T13:21:10+00:00",
"revision_history": [
{
"date": "2020-07-02T13:21:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-07-02T13:21:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:23:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4.1",
"product": {
"name": "Red Hat Single Sign-On 7.4.1",
"product_id": "Red Hat Single Sign-On 7.4.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1694",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1790759"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: verify-token-audience support is missing in the NodeJS adapter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1694"
},
{
"category": "external",
"summary": "RHBZ#1790759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1694",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1694"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1694",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1694"
}
],
"release_date": "2020-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: verify-token-audience support is missing in the NodeJS adapter"
},
{
"acknowledgments": [
{
"names": [
"Thomas Darimont"
]
}
],
"cve": "CVE-2020-1714",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-04-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705975"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1714"
},
{
"category": "external",
"summary": "RHBZ#1705975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1714"
}
],
"release_date": "2020-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"acknowledgments": [
{
"names": [
"ZeddYu"
]
}
],
"cve": "CVE-2020-10719",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: invalid HTTP request with large chunk size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10719"
},
{
"category": "external",
"summary": "RHBZ#1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719"
}
],
"release_date": "2020-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: invalid HTTP request with large chunk size"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "Chair for Network and Data Security at Ruhr University Bochum"
}
],
"cve": "CVE-2020-10748",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1836786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s data filter, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10748"
},
{
"category": "external",
"summary": "RHBZ#1836786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10748"
}
],
"release_date": "2020-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697)"
},
{
"cve": "CVE-2020-10969",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819212"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10969"
},
{
"category": "external",
"summary": "RHBZ#1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-07-02T13:21:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.