Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update
🔗 CVE IDs covered (21)
📋 Description
- CVE-2013-0169 — SSL/TLS: CBC padding timing attack (lucky-13)
- CVE-2018-18624 — grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
- CVE-2019-11358 — jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
- CVE-2019-16769 — npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions
- CVE-2020-7013 — kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)
- CVE-2020-7598 — nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload
- CVE-2020-7662 — npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
- CVE-2020-8203 — nodejs-lodash: prototype pollution in zipObjectDeep function
- CVE-2020-8559 — kubernetes: compromised node could escalate to cluster level privileges
- CVE-2020-9283 — golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
- CVE-2020-10715 — openshift/console: text injection on error page via crafted url
- CVE-2020-10743 — kibana: X-Frame-Option not set by default might lead to clickjacking
- CVE-2020-11022 — jquery: Cross-site scripting due to improper sanitization in jQuery.htmlPrefilter method
- CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods
- CVE-2020-11110 — grafana: stored XSS
- CVE-2020-12052 — grafana: XSS annotation popup vulnerability
- CVE-2020-12245 — grafana: XSS via column.title or cellLinkTooltip
- CVE-2020-13822 — nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures
- CVE-2020-14040 — golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
- CVE-2020-14336 — openshift: restricted SCC allows pods to craft custom network packets
- CVE-2020-15366 — nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
🔗 References (24)
- self: https://access.redhat.com/errata/RHSA-2020:4298
- external: https://access.redhat.com/security/updates/classification/#moderate
- external: https://bugzilla.redhat.com/show_bug.cgi?id=907589
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1701972
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1767665
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1804533
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1813344
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1828406
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1834550
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1845982
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1848089
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1848092
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1848643
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1848647
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1849044
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1850004
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1850572
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1853652
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1857412
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1857977
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1858981
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1861044
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1874671
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4298.json