Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:3369
HistoryAug 06, 2020 - 8:06 p.m.

(RHSA-2020:3369) Moderate: Red Hat OpenShift Service Mesh security update

2020-08-0620:06:08
access.redhat.com
48
red hat
openshift service mesh
istio
cve-2020-9283
cve-2020-8203
cve-2020-11023
cve-2020-12666
cve-2020-14040
security update

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.244

Percentile

96.7%

JSON

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

  • golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)

  • nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

  • jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

  • macaron: open redirect in the static handler (CVE-2020-12666)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64servicemesh-sidecar-injector< 1.1.6-1.el8servicemesh-sidecar-injector-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-prometheus< 2.14.0-14.el8servicemesh-prometheus-2.14.0-14.el8.x86_64.rpm
RedHat8x86_64servicemesh-citadel< 1.1.6-1.el8servicemesh-citadel-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-istioctl< 1.1.6-1.el8servicemesh-istioctl-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-pilot-discovery< 1.1.6-1.el8servicemesh-pilot-discovery-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-grafana< 6.4.3-13.el8servicemesh-grafana-6.4.3-13.el8.x86_64.rpm
RedHat8x86_64ior< 1.1.6-1.el8ior-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-galley< 1.1.6-1.el8servicemesh-galley-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh-pilot-agent< 1.1.6-1.el8servicemesh-pilot-agent-1.1.6-1.el8.x86_64.rpm
RedHat8x86_64servicemesh< 1.1.6-1.el8servicemesh-1.1.6-1.el8.x86_64.rpm
Rows per page:
1-10 of 161

Related

nessus 33
redhat 20
cve 6
fedora 4
openvas 11
github 5
nvd 5
exploitpack 1
debian 4
cvelist 5
debiancve 5
prion 5
redhatcve 5
osv 21
gitlab 4
veracode 5
hackerone 2
ibm 18
zdt 2
cgr 2
exploitdb 2
wolfi 2
archlinux 1
checkpoint_advisories 2
githubexploit 2
ubuntucve 4
packetstorm 2
oraclelinux 4
alpinelinux 1
ics 1
almalinux 2
amazon 3
rubygems 1
rocky 1
f5 1
huntr 1
atlassian 3
joomla 1
attackerkb 1
hp 1
nessus
nessus
RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)
2020-08-07 00:00:00
RHEL 8 : Red Hat Virtualization (RHSA-2020:3807)
2020-09-23 00:00:00
Debian DLA-2455-1 : packer security update
2020-11-19 00:00:00
redhat
redhat
(RHSA-2020:3372) Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update
2020-08-06 20:17:21
(RHSA-2020:3807) Moderate: Red Hat Virtualization security, bug fix, and enhancement update
2020-09-23 15:54:23
(RHSA-2020:2789) Low: OpenShift Container Platform 4.4.11 ose-baremetal-operator-container security update
2020-07-06 20:25:04
cve
cve
CVE-2020-12666
2020-05-05 22:15:13
CVE-2020-9283
2020-02-20 20:15:10
CVE-2020-8203
2020-07-15 17:15:11
fedora
fedora
[SECURITY] Fedora 32 Update: golang-gopkg-macaron-1-1.4.0-1.fc32
2021-01-01 01:25:17
[SECURITY] Fedora 32 Update: golang-1.14.6-1.fc32
2020-07-30 17:53:53
[SECURITY] Fedora 31 Update: golang-1.13.14-1.fc31
2020-07-28 15:03:46
openvas
openvas
Fedora: Security Advisory for golang-gopkg-macaron-1 (FEDORA-2020-66e6e8d027)
2021-01-11 00:00:00
Debian: Security Advisory (DLA-2453-1)
2020-11-17 00:00:00
Debian: Security Advisory (DLA-2455-1)
2020-11-19 00:00:00
github
github
gopkg.in/macaron.v1 Open Redirect vulnerability
2021-05-18 21:08:35
Improper Verification of Cryptographic Signature in golang.org/x/crypto
2021-05-18 15:29:31
Prototype Pollution in lodash
2020-07-15 19:15:48
nvd
nvd
CVE-2020-12666
2020-05-05 22:15:13
CVE-2020-8203
2020-07-15 17:15:11
CVE-2020-9283
2020-02-20 20:15:10
exploitpack
exploitpack
Go SSH servers 0.0.2 - Denial of Service (PoC)
2020-02-24 00:00:00
debian
debian
[SECURITY] [DLA 2455-1] packer security update
2020-11-18 21:02:24
[SECURITY] [DLA 2453-1] restic security update
2020-11-16 21:49:41
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
cvelist
cvelist
CVE-2020-9283
2020-02-20 00:00:00
CVE-2020-12666
2020-05-05 21:06:59
CVE-2020-8203
2020-07-15 16:10:27
debiancve
debiancve
CVE-2020-9283
2020-02-20 20:15:10
CVE-2020-8203
2020-07-15 17:15:11
CVE-2020-14040
2020-06-17 20:15:09
prion
prion
Open redirect
2020-05-05 22:15:00
Code injection
2020-07-15 17:15:00
Code injection
2020-02-20 20:15:00
redhatcve
redhatcve
CVE-2020-12666
2020-06-23 12:56:35
CVE-2020-9283
2021-08-15 06:09:30
CVE-2020-8203
2020-07-15 20:08:37
osv
osv
CVE-2020-12666
2020-05-05 22:15:13
Open redirect in gopkg.in/macaron.v1
2021-04-14 20:04:52
CVE-2020-8203
2020-07-15 17:15:11
gitlab
gitlab
URL Redirection to Untrusted Site (Open Redirect)
2020-05-05 00:00:00
Improper Verification of Cryptographic Signature
2020-02-20 00:00:00
Loop with Unreachable Exit Condition (Infinite Loop)
2020-06-17 00:00:00
veracode
veracode
Open Redirection
2020-05-08 06:12:07
Signature Verification With Malformed Public Keys
2020-02-21 05:23:31
Prototype Pollution
2020-04-28 09:42:14
hackerone
hackerone
Sifchain: SSH server due to Improper Signature Verification
2021-08-06 17:07:57
Node.js third-party modules: Prototype pollution attack (lodash)
2019-10-11 12:06:20
ibm
ibm
Security Bulletin: GO is is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
2021-05-03 15:17:07
Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Standard
2023-02-14 21:14:53
Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Advanced
2023-02-14 21:04:36
zdt
zdt
Go SSH servers 0.0.2 - Denial of Service Exploit
2020-02-24 00:00:00
jQuery 1.0.3 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
cgr
cgr
CVE-2020-9283 vulnerabilities
2024-05-19 03:07:16
CVE-2020-14040 vulnerabilities
2024-05-19 03:07:16
exploitdb
exploitdb
Go SSH servers 0.0.2 - Denial of Service (PoC)
2020-02-24 00:00:00
jQuery 1.0.3 - Cross-Site Scripting (XSS)
2021-04-14 00:00:00
wolfi
wolfi
CVE-2020-9283 vulnerabilities
2024-09-30 09:32:54
CVE-2020-14040 vulnerabilities
2024-09-30 09:32:54
archlinux
archlinux
[ASA-202003-4] golang-golang-x-crypto: denial of service
2020-03-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Golang Crypto Denial of Service (CVE-2020-9283)
2020-10-25 00:00:00
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
githubexploit
githubexploit
Exploit for Improper Verification of Cryptographic Signature in Golang Package Ssh
2020-06-02 10:55:37
Exploit for Prototype Pollution in Lodash
2020-12-01 09:45:48
ubuntucve
ubuntucve
CVE-2020-8203
2020-07-15 00:00:00
CVE-2020-9283
2020-02-20 00:00:00
CVE-2020-14040
2020-06-17 00:00:00
packetstorm
packetstorm
Go SSH 0.0.2 Denial Of Service
2020-02-23 00:00:00
jQuery 1.0.3 Cross Site Scripting
2021-04-14 00:00:00
oraclelinux
oraclelinux
ipa security and bug fix update
2021-03-19 00:00:00
bootstrap security update
2021-08-09 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-25 00:00:00
alpinelinux
alpinelinux
CVE-2020-11023
2020-04-29 21:15:11
ics
ics
Sensormatic Electronics VideoEdge
2021-11-02 12:00:00
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
amazon
amazon
Medium: ipa
2021-04-20 17:55:00
Medium: golang
2020-09-28 20:57:00
Medium: golang
2020-10-26 18:04:00
rubygems
rubygems
Potential XSS vulnerability in jQuery
2020-04-28 21:00:00
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
f5
f5
K66544153 : jQuery vulnerability CVE-2020-11023
2020-08-03 00:00:00
huntr
huntr
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
2023-02-20 02:52:19
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
attackerkb
attackerkb
CVE-2020-11023
2020-04-29 00:00:00
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.244

Percentile

96.7%

JSON
Related for RHSA-2020:3369
nessus33redhat20cve6fedora4openvas11github5nvd5exploitpack1debian4cvelist5debiancve5prion5redhatcve5osv21gitlab4veracode5hackerone2ibm18zdt2cgr2exploitdb2wolfi2archlinux1checkpoint_advisories2githubexploit2ubuntucve4packetstorm2oraclelinux4alpinelinux1ics1almalinux2amazon3rubygems1rocky1f51huntr1atlassian3joomla1attackerkb1hp1