[RHSA-2020:4847] pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Severity
Moderate
Affected Packages
65
CVEs
17
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
- ID
- RHSA-2020:4847
- Severity
- moderate
- URL
- https://access.redhat.com/errata/RHSA-2020:4847
- Published
-
2020-11-04T00:00:00
(3 years ago) - Modified
-
2020-11-04T00:00:00
(3 years ago) - Rights
- Copyright 2020 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2020-1352
-
ALAS-2020-1353
-
ALAS-2020-1422
-
ALAS-2021-1472
-
ALAS-2022-1627
-
ALAS2-2020-1402
-
ALAS2-2020-1519
-
ALAS2-2021-1626
-
ALAS2-2021-1630
-
ALAS2-2023-1905
-
ALAS2-2023-2216
-
ALPINE:CVE-2015-9251
-
ALPINE:CVE-2019-11358
-
ALPINE:CVE-2020-11022
-
ALPINE:CVE-2020-11023
-
ALSA-2020:4670
-
ALSA-2020:4847
-
ALSA-2021:1846
-
ASA-201906-2
-
ASA-201910-4
-
CISA-2022:0303
-
DSA-4434-1
-
DSA-4460-1
-
DSA-4673-1
-
DSA-4680-1
-
DSA-4693-1
-
ELSA-2020-0855
-
ELSA-2020-0912
-
ELSA-2020-3936
-
ELSA-2020-5020
-
ELSA-2021-0851
-
ELSA-2021-0860
-
ELSA-2021-1846
-
ELSA-2021-9400
-
ELSA-2021-9552
-
ELSA-2022-7343
-
ELSA-2022-9177
-
FEDORA-2019-040857fd75
-
FEDORA-2019-1a3edd7e8a
-
FEDORA-2019-2a0ce0c58c
-
FEDORA-2019-41d6ffd6f0
-
FEDORA-2019-5f1a2cc839
-
FEDORA-2019-7eaf0bbe7c
-
FEDORA-2019-84a50e34a9
-
FEDORA-2019-a06dffab1c
-
FEDORA-2019-eba8e44ee6
-
FEDORA-2019-f563e66380
-
FEDORA-2020-04ac174fa9
-
FEDORA-2020-0b32a59b54
-
FEDORA-2020-0e42878ba7
-
FEDORA-2020-11be4b36d4
-
FEDORA-2020-36d2db5f51
-
FEDORA-2020-7dddce530c
-
FEDORA-2020-8a15713da2
-
FEDORA-2020-c870aa8378
-
FEDORA-2020-fbb94073a1
-
FEDORA-2020-fe94df8c34
-
FREEBSD:1FB13175-ED52-11EA-8B93-001B217B3468
-
FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E
-
FREEBSD:416CA0F4-3FE0-11E9-BBDD-6805CA0B3D42
-
FREEBSD:81FCC2F9-E15A-11E9-ABBF-800DD28B22BD
-
FREEBSD:CD2DC126-CFE4-11EA-9172-4C72B94353B5
-
FREEBSD:ED8D5535-CA78-11E9-980B-999FF59C22EA
-
FREEBSD:FFC73E87-87F0-11E9-AD56-FCAA147E860E
-
GLSA-202003-43
-
GLSA-202007-03
-
MAVEN:GHSA-3WQF-4X89-9G79
-
MAVEN:GHSA-4P24-VMCR-4GQJ
-
MAVEN:GHSA-6C3J-C64M-QHGQ
-
MAVEN:GHSA-7MVR-5X2G-WFC8
-
MAVEN:GHSA-9V3M-8FP8-MJ99
-
MAVEN:GHSA-C9HW-WF7X-JP9J
-
MAVEN:GHSA-GXR4-XJJ5-5PX2
-
MAVEN:GHSA-H3CH-5PP2-VH6W
-
MAVEN:GHSA-JPCQ-CGW6-V4J6
-
MAVEN:GHSA-QXF4-CHVG-4R8R
-
MAVEN:GHSA-RMXG-73GG-4P98
-
NPM:GHSA-3WQF-4X89-9G79
-
NPM:GHSA-4P24-VMCR-4GQJ
-
NPM:GHSA-6C3J-C64M-QHGQ
-
NPM:GHSA-7MVR-5X2G-WFC8
-
NPM:GHSA-9V3M-8FP8-MJ99
-
NPM:GHSA-GXR4-XJJ5-5PX2
-
NPM:GHSA-JPCQ-CGW6-V4J6
-
NPM:GHSA-RMXG-73GG-4P98
-
openSUSE-SU-2019:1839-1
-
openSUSE-SU-2019:1872-1
-
openSUSE-SU-2020:0345-1
-
openSUSE-SU-2020:0395-1
-
openSUSE-SU-2020:0597-1
-
openSUSE-SU-2020:1060-1
-
openSUSE-SU-2020:1106-1
-
openSUSE-SU-2020:1888-1
-
RHSA-2020:0855
-
RHSA-2020:0912
-
RHSA-2020:3936
-
RHSA-2020:4670
-
RHSA-2020:5020
-
RHSA-2021:0851
-
RHSA-2021:0860
-
RHSA-2021:1846
-
RHSA-2021:4142
-
RHSA-2022:7343
-
RLSA-2020:4670
-
RLSA-2020:4847
-
RLSA-2021:1846
-
RUBYSEC:BOOTSTRAP-2016-10735
-
RUBYSEC:BOOTSTRAP-2018-14040
-
RUBYSEC:BOOTSTRAP-2018-14042
-
RUBYSEC:BOOTSTRAP-2019-8331
-
RUBYSEC:BOOTSTRAP-SASS-2016-10735
-
RUBYSEC:BOOTSTRAP-SASS-2018-14040
-
RUBYSEC:BOOTSTRAP-SASS-2018-14042
-
RUBYSEC:BOOTSTRAP-SASS-2019-8331
-
RUBYSEC:JQUERY-RAILS-2015-9251
-
RUBYSEC:JQUERY-RAILS-2019-11358
-
RUBYSEC:JQUERY-RAILS-2020-11022
-
RUBYSEC:JQUERY-RAILS-2020-11023
-
RUBYSEC:TWITTER-BOOTSTRAP-RAILS-2019-8331
-
SUSE-SU-2020:0598-1
-
SUSE-SU-2020:0631-1
-
SUSE-SU-2020:0632-1
-
SUSE-SU-2020:0725-1
-
SUSE-SU-2020:0737-1
-
SUSE-SU-2020:0806-1
-
SUSE-SU-2020:1111-1
-
SUSE-SU-2020:1126-1
-
SUSE-SU-2020:1272-1
-
SUSE-SU-2020:2292-1
-
SUSE-SU-2020:2373-1
-
SUSE-SU-2020:2611-1
-
SUSE-SU-2020:2650-1
-
TOMCAT:CVE-2020-1935
-
TOMCAT:CVE-2020-1938
-
TOMCAT:CVE-2022-25762
-
USN-4448-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/xsom?distro=redhat-8.1 | redhat |
 xsom
|
< 0-19.20110809svn.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/xmlstreambuffer?distro=redhat-8.2 | redhat |
xmlstreambuffer
|
< 1.5.4-8.module+el8.2.0+5723+4574fbff | redhat-8.2 | ||
| Affected | pkg:rpm/redhat/xml-commons-resolver?distro=redhat-8.1 | redhat |
xml-commons-resolver
|
< 1.2-26.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/xml-commons-apis?distro=redhat-8.1 | redhat |
xml-commons-apis
|
< 1.4.01-25.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/xerces-j2?distro=redhat-8.1 | redhat |
xerces-j2
|
< 2.11.0-34.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/xalan-j2?distro=redhat-8.1 | redhat |
xalan-j2
|
< 2.7.1-38.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/velocity?distro=redhat-8.1 | redhat |
velocity
|
< 1.7-24.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/tomcatjss?distro=redhat-8.3 | redhat |
tomcatjss
|
< 7.5.0-1.module+el8.3.0+7355+c59bcbd9 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/stax-ex?distro=redhat-8.2 | redhat |
stax-ex
|
< 1.7.7-8.module+el8.2.0+5723+4574fbff | redhat-8.2 | ||
| Affected | pkg:rpm/redhat/slf4j?distro=redhat-8.1 | redhat |
slf4j
|
< 1.7.25-4.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/slf4j-jdk14?distro=redhat-8.1 | redhat |
slf4j-jdk14
|
< 1.7.25-4.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/resteasy?distro=redhat-8.2 | redhat |
resteasy
|
< 3.0.26-3.module+el8.2.0+5723+4574fbff | redhat-8.2 | ||
| Affected | pkg:rpm/redhat/relaxngDatatype?distro=redhat-8.1 | redhat |
relaxngDatatype
|
< 2011.1-7.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/python3-pki?distro=redhat-8.3 | redhat |
python3-pki
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/python3-nss?arch=x86_64&distro=redhat-8.1 | redhat |
python3-nss
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | x86_64 | |
| Affected | pkg:rpm/redhat/python3-nss?arch=s390x&distro=redhat-8.1 | redhat |
python3-nss
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | s390x | |
| Affected | pkg:rpm/redhat/python3-nss?arch=ppc64le&distro=redhat-8.1 | redhat |
python3-nss
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ppc64le | |
| Affected | pkg:rpm/redhat/python3-nss?arch=aarch64&distro=redhat-8.1 | redhat |
python3-nss
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | aarch64 | |
| Affected | pkg:rpm/redhat/python-nss-doc?arch=x86_64&distro=redhat-8.1 | redhat |
python-nss-doc
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | x86_64 | |
| Affected | pkg:rpm/redhat/python-nss-doc?arch=s390x&distro=redhat-8.1 | redhat |
python-nss-doc
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | s390x | |
| Affected | pkg:rpm/redhat/python-nss-doc?arch=ppc64le&distro=redhat-8.1 | redhat |
python-nss-doc
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ppc64le | |
| Affected | pkg:rpm/redhat/python-nss-doc?arch=aarch64&distro=redhat-8.1 | redhat |
python-nss-doc
|
< 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | aarch64 | |
| Affected | pkg:rpm/redhat/pki-tools?arch=x86_64&distro=redhat-8.3 | redhat |
pki-tools
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
| Affected | pkg:rpm/redhat/pki-tools?arch=s390x&distro=redhat-8.3 | redhat |
pki-tools
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
| Affected | pkg:rpm/redhat/pki-tools?arch=ppc64le&distro=redhat-8.3 | redhat |
pki-tools
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
| Affected | pkg:rpm/redhat/pki-tools?arch=aarch64&distro=redhat-8.3 | redhat |
pki-tools
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
| Affected | pkg:rpm/redhat/pki-symkey?arch=x86_64&distro=redhat-8.3 | redhat |
pki-symkey
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
| Affected | pkg:rpm/redhat/pki-symkey?arch=s390x&distro=redhat-8.3 | redhat |
pki-symkey
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
| Affected | pkg:rpm/redhat/pki-symkey?arch=ppc64le&distro=redhat-8.3 | redhat |
pki-symkey
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
| Affected | pkg:rpm/redhat/pki-symkey?arch=aarch64&distro=redhat-8.3 | redhat |
pki-symkey
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
| Affected | pkg:rpm/redhat/pki-servlet-engine?distro=redhat-8.3 | redhat |
pki-servlet-engine
|
< 9.0.30-1.module+el8.3.0+6730+8f9c6254 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/pki-servlet-4.0-api?distro=redhat-8.3 | redhat |
pki-servlet-4.0-api
|
< 9.0.30-1.module+el8.3.0+6730+8f9c6254 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/pki-server?distro=redhat-8.3 | redhat |
pki-server
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/pki-kra?distro=redhat-8.3 | redhat |
pki-kra
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/pki-ca?distro=redhat-8.3 | redhat |
pki-ca
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/pki-base?distro=redhat-8.3 | redhat |
pki-base
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/pki-base-java?distro=redhat-8.3 | redhat |
pki-base-java
|
< 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/ldapjdk?distro=redhat-8.3 | redhat |
ldapjdk
|
< 4.22.0-1.module+el8.3.0+6784+6e1e4c62 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/ldapjdk-javadoc?distro=redhat-8.3 | redhat |
ldapjdk-javadoc
|
< 4.22.0-1.module+el8.3.0+6784+6e1e4c62 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/jss?arch=x86_64&distro=redhat-8.3 | redhat |
jss
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
| Affected | pkg:rpm/redhat/jss?arch=s390x&distro=redhat-8.3 | redhat |
jss
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
| Affected | pkg:rpm/redhat/jss?arch=ppc64le&distro=redhat-8.3 | redhat |
jss
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
| Affected | pkg:rpm/redhat/jss?arch=aarch64&distro=redhat-8.3 | redhat |
jss
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
| Affected | pkg:rpm/redhat/jss-javadoc?arch=x86_64&distro=redhat-8.3 | redhat |
jss-javadoc
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
| Affected | pkg:rpm/redhat/jss-javadoc?arch=s390x&distro=redhat-8.3 | redhat |
jss-javadoc
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
| Affected | pkg:rpm/redhat/jss-javadoc?arch=ppc64le&distro=redhat-8.3 | redhat |
jss-javadoc
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
| Affected | pkg:rpm/redhat/jss-javadoc?arch=aarch64&distro=redhat-8.3 | redhat |
jss-javadoc
|
< 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
| Affected | pkg:rpm/redhat/javassist?distro=redhat-8.1 | redhat |
javassist
|
< 3.18.1-8.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/javassist-javadoc?distro=redhat-8.1 | redhat |
javassist-javadoc
|
< 3.18.1-8.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/jakarta-commons-httpclient?distro=redhat-8.1 | redhat |
jakarta-commons-httpclient
|
< 3.1-28.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/jackson-module-jaxb-annotations?distro=redhat-8.1 | redhat |
jackson-module-jaxb-annotations
|
< 2.7.6-4.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/jackson-jaxrs-providers?distro=redhat-8.1 | redhat |
jackson-jaxrs-providers
|
< 2.9.9-1.module+el8.1.0+3832+9784644d | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/jackson-jaxrs-json-provider?distro=redhat-8.1 | redhat |
jackson-jaxrs-json-provider
|
< 2.9.9-1.module+el8.1.0+3832+9784644d | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/jackson-databind?distro=redhat-8.2 | redhat |
jackson-databind
|
< 2.10.0-1.module+el8.2.0+5059+3eb3af25 | redhat-8.2 | ||
| Affected | pkg:rpm/redhat/jackson-core?distro=redhat-8.2 | redhat |
jackson-core
|
< 2.10.0-1.module+el8.2.0+5059+3eb3af25 | redhat-8.2 | ||
| Affected | pkg:rpm/redhat/jackson-annotations?distro=redhat-8.2 | redhat |
jackson-annotations
|
< 2.10.0-1.module+el8.2.0+5059+3eb3af25 | redhat-8.2 | ||
| Affected | pkg:rpm/redhat/glassfish-jaxb-txw2?distro=redhat-8.1 | redhat |
glassfish-jaxb-txw2
|
< 2.2.11-11.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/glassfish-jaxb-runtime?distro=redhat-8.1 | redhat |
glassfish-jaxb-runtime
|
< 2.2.11-11.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/glassfish-jaxb-core?distro=redhat-8.1 | redhat |
glassfish-jaxb-core
|
< 2.2.11-11.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/glassfish-jaxb-api?distro=redhat-8.1 | redhat |
glassfish-jaxb-api
|
< 2.2.12-8.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/glassfish-fastinfoset?distro=redhat-8.1 | redhat |
glassfish-fastinfoset
|
< 1.2.13-9.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/bea-stax-api?distro=redhat-8.1 | redhat |
bea-stax-api
|
< 1.2.0-16.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/apache-commons-net?distro=redhat-8.3 | redhat |
apache-commons-net
|
< 3.6-3.module+el8.3.0+6805+72837426 | redhat-8.3 | ||
| Affected | pkg:rpm/redhat/apache-commons-lang?distro=redhat-8.1 | redhat |
apache-commons-lang
|
< 2.6-21.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
| Affected | pkg:rpm/redhat/apache-commons-collections?distro=redhat-8.1 | redhat |
apache-commons-collections
|
< 3.2.2-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |