6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.8%
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects (matrix projects). Matrix Authorization allows configuring the lowest level permissions, such as starting new builds,
configuring items, or deleting them, individually.
Python-RSA is a RSA implementation in Python. It can be used as a Python
library as well as the commandline utility.
Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
Security Fix(es):
jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)
jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)
jenkins: Stored XSS vulnerability in ‘keep forever’ badge icons (CVE-2020-2222)
jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips (CVE-2020-2224)
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips (CVE-2020-2225)
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin (CVE-2020-2226)
jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)
python-rsa: decryption of ciphertext leads to DoS (CVE-2020-13757)
openshift-ansible: cors allowed origin allows changing url protocol (CVE-2020-1741)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openshift-ansible-test | < 3.11.272-1.git.0.79ab6e9.el7 | openshift-ansible-test-3.11.272-1.git.0.79ab6e9.el7.noarch.rpm |
RedHat | 7 | noarch | jenkins-2-plugins | < 3.11.1597310986-1.el7 | jenkins-2-plugins-3.11.1597310986-1.el7.noarch.rpm |
RedHat | 7 | noarch | openshift-ansible-docs | < 3.11.272-1.git.0.79ab6e9.el7 | openshift-ansible-docs-3.11.272-1.git.0.79ab6e9.el7.noarch.rpm |
RedHat | 7 | noarch | openshift-ansible-playbooks | < 3.11.272-1.git.0.79ab6e9.el7 | openshift-ansible-playbooks-3.11.272-1.git.0.79ab6e9.el7.noarch.rpm |
RedHat | 7 | noarch | openshift-ansible | < 3.11.272-1.git.0.79ab6e9.el7 | openshift-ansible-3.11.272-1.git.0.79ab6e9.el7.noarch.rpm |
RedHat | 7 | noarch | openshift-ansible-roles | < 3.11.272-1.git.0.79ab6e9.el7 | openshift-ansible-roles-3.11.272-1.git.0.79ab6e9.el7.noarch.rpm |
RedHat | 7 | noarch | python2-rsa | < 4.5-2.el7 | python2-rsa-4.5-2.el7.noarch.rpm |
RedHat | 7 | noarch | jenkins | < 2.235.2.1597220898-1.el7 | jenkins-2.235.2.1597220898-1.el7.noarch.rpm |
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.8%