[RHSA-2020:4847] pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
- jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
- bootstrap: XSS in the data-target attribute (CVE-2016-10735)
- bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
- bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
- bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
- jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
- jquery: Cross-site scripting due to improper handling in the jQuery.htmlPrefilter method (CVE-2020-11022)
- jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
- pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
- pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
- pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
- pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
- pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
- ID: RHSA-2020:4847
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2020:4847
- Published: 2020-11-04T00:00:00
- Modified: 2020-11-04T00:00:00
- Rights: Copyright 2020 Red Hat, Inc.
- Other Advisories:
- ALAS-2020-1352
- ALAS-2020-1353
- ALAS-2020-1422
- ALAS-2021-1472
- ALAS-2022-1627
- ALAS2-2020-1402
- ALAS2-2020-1519
- ALAS2-2021-1626
- ALAS2-2021-1630
- ALAS2-2023-1905
- ALAS2-2023-2216
- ALPINE:CVE-2015-9251
- ALPINE:CVE-2019-11358
- ALPINE:CVE-2020-11022
- ALPINE:CVE-2020-11023
- ALSA-2020:4670
- ALSA-2020:4847
- ALSA-2021:1846
- ASA-201906-2
- ASA-201910-4
- CISA-2022:0303
- DSA-4434-1
- DSA-4460-1
- DSA-4673-1
- DSA-4680-1
- DSA-4693-1
- ELSA-2020-0855
- ELSA-2020-0912
- ELSA-2020-3936
- ELSA-2020-5020
- ELSA-2021-0851
- ELSA-2021-0860
- ELSA-2021-1846
- ELSA-2021-9400
- ELSA-2021-9552
- ELSA-2022-7343
- ELSA-2022-9177
- FEDORA-2019-040857fd75
- FEDORA-2019-1a3edd7e8a
- FEDORA-2019-2a0ce0c58c
- FEDORA-2019-41d6ffd6f0
- FEDORA-2019-5f1a2cc839
- FEDORA-2019-7eaf0bbe7c
- FEDORA-2019-84a50e34a9
- FEDORA-2019-a06dffab1c
- FEDORA-2019-eba8e44ee6
- FEDORA-2019-f563e66380
- FEDORA-2020-04ac174fa9
- FEDORA-2020-0b32a59b54
- FEDORA-2020-0e42878ba7
- FEDORA-2020-11be4b36d4
- FEDORA-2020-36d2db5f51
- FEDORA-2020-7dddce530c
- FEDORA-2020-8a15713da2
- FEDORA-2020-c870aa8378
- FEDORA-2020-fbb94073a1
- FEDORA-2020-fe94df8c34
- FREEBSD:1FB13175-ED52-11EA-8B93-001B217B3468
- FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E
- FREEBSD:416CA0F4-3FE0-11E9-BBDD-6805CA0B3D42
- FREEBSD:81FCC2F9-E15A-11E9-ABBF-800DD28B22BD
- FREEBSD:CD2DC126-CFE4-11EA-9172-4C72B94353B5
- FREEBSD:ED8D5535-CA78-11E9-980B-999FF59C22EA
- FREEBSD:FFC73E87-87F0-11E9-AD56-FCAA147E860E
- GLSA-202003-43
- GLSA-202007-03
- MAVEN:GHSA-3WQF-4X89-9G79
- MAVEN:GHSA-4P24-VMCR-4GQJ
- MAVEN:GHSA-6C3J-C64M-QHGQ
- MAVEN:GHSA-7MVR-5X2G-WFC8
- MAVEN:GHSA-9V3M-8FP8-MJ99
- MAVEN:GHSA-C9HW-WF7X-JP9J
- MAVEN:GHSA-GXR4-XJJ5-5PX2
- MAVEN:GHSA-H3CH-5PP2-VH6W
- MAVEN:GHSA-JPCQ-CGW6-V4J6
- MAVEN:GHSA-QXF4-CHVG-4R8R
- MAVEN:GHSA-RMXG-73GG-4P98
- NPM:GHSA-3WQF-4X89-9G79
- NPM:GHSA-4P24-VMCR-4GQJ
- NPM:GHSA-6C3J-C64M-QHGQ
- NPM:GHSA-7MVR-5X2G-WFC8
- NPM:GHSA-9V3M-8FP8-MJ99
- NPM:GHSA-GXR4-XJJ5-5PX2
- NPM:GHSA-JPCQ-CGW6-V4J6
- NPM:GHSA-RMXG-73GG-4P98
- openSUSE-SU-2019:1839-1
- openSUSE-SU-2019:1872-1
- openSUSE-SU-2020:0345-1
- openSUSE-SU-2020:0395-1
- openSUSE-SU-2020:0597-1
- openSUSE-SU-2020:1060-1
- openSUSE-SU-2020:1106-1
- openSUSE-SU-2020:1888-1
- RHSA-2020:0855
- RHSA-2020:0912
- RHSA-2020:3936
- RHSA-2020:4670
- RHSA-2020:5020
- RHSA-2021:0851
- RHSA-2021:0860
- RHSA-2021:1846
- RHSA-2021:4142
- RHSA-2022:7343
- RLSA-2020:4670
- RLSA-2020:4847
- RLSA-2021:1846
- RUBYSEC:BOOTSTRAP-2016-10735
- RUBYSEC:BOOTSTRAP-2018-14040
- RUBYSEC:BOOTSTRAP-2018-14042
- RUBYSEC:BOOTSTRAP-2019-8331
- RUBYSEC:BOOTSTRAP-SASS-2016-10735
- RUBYSEC:BOOTSTRAP-SASS-2018-14040
- RUBYSEC:BOOTSTRAP-SASS-2018-14042
- RUBYSEC:BOOTSTRAP-SASS-2019-8331
- RUBYSEC:JQUERY-RAILS-2015-9251
- RUBYSEC:JQUERY-RAILS-2019-11358
- RUBYSEC:JQUERY-RAILS-2020-11022
- RUBYSEC:JQUERY-RAILS-2020-11023
- RUBYSEC:TWITTER-BOOTSTRAP-RAILS-2019-8331
- SUSE-SU-2020:0598-1
- SUSE-SU-2020:0631-1
- SUSE-SU-2020:0632-1
- SUSE-SU-2020:0725-1
- SUSE-SU-2020:0737-1
- SUSE-SU-2020:0806-1
- SUSE-SU-2020:1111-1
- SUSE-SU-2020:1126-1
- SUSE-SU-2020:1272-1
- SUSE-SU-2020:2292-1
- SUSE-SU-2020:2373-1
- SUSE-SU-2020:2611-1
- SUSE-SU-2020:2650-1
- TOMCAT:CVE-2020-1935
- TOMCAT:CVE-2020-1938
- TOMCAT:CVE-2022-25762
- USN-4448-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/xsom?distro=redhat-8.1 | redhat | xsom | < 0-19.20110809svn.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/xmlstreambuffer?distro=redhat-8.2 | redhat | xmlstreambuffer | < 1.5.4-8.module+el8.2.0+5723+4574fbff | redhat-8.2 | ||
Affected | pkg:rpm/redhat/xml-commons-resolver?distro=redhat-8.1 | redhat | xml-commons-resolver | < 1.2-26.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/xml-commons-apis?distro=redhat-8.1 | redhat | xml-commons-apis | < 1.4.01-25.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/xerces-j2?distro=redhat-8.1 | redhat | xerces-j2 | < 2.11.0-34.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/xalan-j2?distro=redhat-8.1 | redhat | xalan-j2 | < 2.7.1-38.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/velocity?distro=redhat-8.1 | redhat | velocity | < 1.7-24.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/tomcatjss?distro=redhat-8.3 | redhat | tomcatjss | < 7.5.0-1.module+el8.3.0+7355+c59bcbd9 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/stax-ex?distro=redhat-8.2 | redhat | stax-ex | < 1.7.7-8.module+el8.2.0+5723+4574fbff | redhat-8.2 | ||
Affected | pkg:rpm/redhat/slf4j?distro=redhat-8.1 | redhat | slf4j | < 1.7.25-4.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/slf4j-jdk14?distro=redhat-8.1 | redhat | slf4j-jdk14 | < 1.7.25-4.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/resteasy?distro=redhat-8.2 | redhat | resteasy | < 3.0.26-3.module+el8.2.0+5723+4574fbff | redhat-8.2 | ||
Affected | pkg:rpm/redhat/relaxngDatatype?distro=redhat-8.1 | redhat | relaxngDatatype | < 2011.1-7.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/python3-pki?distro=redhat-8.3 | redhat | python3-pki | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/python3-nss?arch=x86_64&distro=redhat-8.1 | redhat | python3-nss | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | x86_64 | |
Affected | pkg:rpm/redhat/python3-nss?arch=s390x&distro=redhat-8.1 | redhat | python3-nss | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | s390x | |
Affected | pkg:rpm/redhat/python3-nss?arch=ppc64le&distro=redhat-8.1 | redhat | python3-nss | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ppc64le | |
Affected | pkg:rpm/redhat/python3-nss?arch=aarch64&distro=redhat-8.1 | redhat | python3-nss | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | aarch64 | |
Affected | pkg:rpm/redhat/python-nss-doc?arch=x86_64&distro=redhat-8.1 | redhat | python-nss-doc | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | x86_64 | |
Affected | pkg:rpm/redhat/python-nss-doc?arch=s390x&distro=redhat-8.1 | redhat | python-nss-doc | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | s390x | |
Affected | pkg:rpm/redhat/python-nss-doc?arch=ppc64le&distro=redhat-8.1 | redhat | python-nss-doc | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ppc64le | |
Affected | pkg:rpm/redhat/python-nss-doc?arch=aarch64&distro=redhat-8.1 | redhat | python-nss-doc | < 1.0.1-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | aarch64 | |
Affected | pkg:rpm/redhat/pki-tools?arch=x86_64&distro=redhat-8.3 | redhat | pki-tools | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/pki-tools?arch=s390x&distro=redhat-8.3 | redhat | pki-tools | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/pki-tools?arch=ppc64le&distro=redhat-8.3 | redhat | pki-tools | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/pki-tools?arch=aarch64&distro=redhat-8.3 | redhat | pki-tools | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/pki-symkey?arch=x86_64&distro=redhat-8.3 | redhat | pki-symkey | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/pki-symkey?arch=s390x&distro=redhat-8.3 | redhat | pki-symkey | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/pki-symkey?arch=ppc64le&distro=redhat-8.3 | redhat | pki-symkey | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/pki-symkey?arch=aarch64&distro=redhat-8.3 | redhat | pki-symkey | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/pki-servlet-engine?distro=redhat-8.3 | redhat | pki-servlet-engine | < 9.0.30-1.module+el8.3.0+6730+8f9c6254 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/pki-servlet-4.0-api?distro=redhat-8.3 | redhat | pki-servlet-4.0-api | < 9.0.30-1.module+el8.3.0+6730+8f9c6254 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/pki-server?distro=redhat-8.3 | redhat | pki-server | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/pki-kra?distro=redhat-8.3 | redhat | pki-kra | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/pki-ca?distro=redhat-8.3 | redhat | pki-ca | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/pki-base?distro=redhat-8.3 | redhat | pki-base | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/pki-base-java?distro=redhat-8.3 | redhat | pki-base-java | < 10.9.4-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/ldapjdk?distro=redhat-8.3 | redhat | ldapjdk | < 4.22.0-1.module+el8.3.0+6784+6e1e4c62 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/ldapjdk-javadoc?distro=redhat-8.3 | redhat | ldapjdk-javadoc | < 4.22.0-1.module+el8.3.0+6784+6e1e4c62 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/jss?arch=x86_64&distro=redhat-8.3 | redhat | jss | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/jss?arch=s390x&distro=redhat-8.3 | redhat | jss | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/jss?arch=ppc64le&distro=redhat-8.3 | redhat | jss | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/jss?arch=aarch64&distro=redhat-8.3 | redhat | jss | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/jss-javadoc?arch=x86_64&distro=redhat-8.3 | redhat | jss-javadoc | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/jss-javadoc?arch=s390x&distro=redhat-8.3 | redhat | jss-javadoc | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/jss-javadoc?arch=ppc64le&distro=redhat-8.3 | redhat | jss-javadoc | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/jss-javadoc?arch=aarch64&distro=redhat-8.3 | redhat | jss-javadoc | < 4.7.3-1.module+el8.3.0+8058+d5cd4219 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/javassist?distro=redhat-8.1 | redhat | javassist | < 3.18.1-8.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/javassist-javadoc?distro=redhat-8.1 | redhat | javassist-javadoc | < 3.18.1-8.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/jakarta-commons-httpclient?distro=redhat-8.1 | redhat | jakarta-commons-httpclient | < 3.1-28.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/jackson-module-jaxb-annotations?distro=redhat-8.1 | redhat | jackson-module-jaxb-annotations | < 2.7.6-4.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/jackson-jaxrs-providers?distro=redhat-8.1 | redhat | jackson-jaxrs-providers | < 2.9.9-1.module+el8.1.0+3832+9784644d | redhat-8.1 | ||
Affected | pkg:rpm/redhat/jackson-jaxrs-json-provider?distro=redhat-8.1 | redhat | jackson-jaxrs-json-provider | < 2.9.9-1.module+el8.1.0+3832+9784644d | redhat-8.1 | ||
Affected | pkg:rpm/redhat/jackson-databind?distro=redhat-8.2 | redhat | jackson-databind | < 2.10.0-1.module+el8.2.0+5059+3eb3af25 | redhat-8.2 | ||
Affected | pkg:rpm/redhat/jackson-core?distro=redhat-8.2 | redhat | jackson-core | < 2.10.0-1.module+el8.2.0+5059+3eb3af25 | redhat-8.2 | ||
Affected | pkg:rpm/redhat/jackson-annotations?distro=redhat-8.2 | redhat | jackson-annotations | < 2.10.0-1.module+el8.2.0+5059+3eb3af25 | redhat-8.2 | ||
Affected | pkg:rpm/redhat/glassfish-jaxb-txw2?distro=redhat-8.1 | redhat | glassfish-jaxb-txw2 | < 2.2.11-11.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/glassfish-jaxb-runtime?distro=redhat-8.1 | redhat | glassfish-jaxb-runtime | < 2.2.11-11.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/glassfish-jaxb-core?distro=redhat-8.1 | redhat | glassfish-jaxb-core | < 2.2.11-11.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/glassfish-jaxb-api?distro=redhat-8.1 | redhat | glassfish-jaxb-api | < 2.2.12-8.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/glassfish-fastinfoset?distro=redhat-8.1 | redhat | glassfish-fastinfoset | < 1.2.13-9.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/bea-stax-api?distro=redhat-8.1 | redhat | bea-stax-api | < 1.2.0-16.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/apache-commons-net?distro=redhat-8.3 | redhat | apache-commons-net | < 3.6-3.module+el8.3.0+6805+72837426 | redhat-8.3 | ||
Affected | pkg:rpm/redhat/apache-commons-lang?distro=redhat-8.1 | redhat | apache-commons-lang | < 2.6-21.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||
Affected | pkg:rpm/redhat/apache-commons-collections?distro=redhat-8.1 | redhat | apache-commons-collections | < 3.2.2-10.module+el8.1.0+3366+6dfb954c | redhat-8.1 | ||