RLSA-2020:4847
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2020:4847.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2020:4847
- Related
- Published
- 2020-11-03T12:29:58Z
- Modified
- 2023-02-02T13:10:24.226054Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
- Details
-
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2020:4847
- https://bugzilla.redhat.com/show_bug.cgi?id=1376706
- https://bugzilla.redhat.com/show_bug.cgi?id=1399546
- https://bugzilla.redhat.com/show_bug.cgi?id=1406505
- https://bugzilla.redhat.com/show_bug.cgi?id=1601614
- https://bugzilla.redhat.com/show_bug.cgi?id=1601617
- https://bugzilla.redhat.com/show_bug.cgi?id=1666907
- https://bugzilla.redhat.com/show_bug.cgi?id=1668097
- https://bugzilla.redhat.com/show_bug.cgi?id=1686454
- https://bugzilla.redhat.com/show_bug.cgi?id=1695901
- https://bugzilla.redhat.com/show_bug.cgi?id=1701972
- https://bugzilla.redhat.com/show_bug.cgi?id=1706521
- https://bugzilla.redhat.com/show_bug.cgi?id=1710171
- https://bugzilla.redhat.com/show_bug.cgi?id=1721684
- https://bugzilla.redhat.com/show_bug.cgi?id=1724433
- https://bugzilla.redhat.com/show_bug.cgi?id=1732565
- https://bugzilla.redhat.com/show_bug.cgi?id=1732981
- https://bugzilla.redhat.com/show_bug.cgi?id=1777579
- https://bugzilla.redhat.com/show_bug.cgi?id=1805541
- https://bugzilla.redhat.com/show_bug.cgi?id=1817247
- https://bugzilla.redhat.com/show_bug.cgi?id=1821851
- https://bugzilla.redhat.com/show_bug.cgi?id=1822246
- https://bugzilla.redhat.com/show_bug.cgi?id=1824939
- https://bugzilla.redhat.com/show_bug.cgi?id=1824948
- https://bugzilla.redhat.com/show_bug.cgi?id=1825998
- https://bugzilla.redhat.com/show_bug.cgi?id=1828406
- https://bugzilla.redhat.com/show_bug.cgi?id=1842734
- https://bugzilla.redhat.com/show_bug.cgi?id=1842736
- https://bugzilla.redhat.com/show_bug.cgi?id=1843537
- https://bugzilla.redhat.com/show_bug.cgi?id=1845447
- https://bugzilla.redhat.com/show_bug.cgi?id=1850004
- https://bugzilla.redhat.com/show_bug.cgi?id=1854043
- https://bugzilla.redhat.com/show_bug.cgi?id=1854959
- https://bugzilla.redhat.com/show_bug.cgi?id=1855273
- https://bugzilla.redhat.com/show_bug.cgi?id=1855319
- https://bugzilla.redhat.com/show_bug.cgi?id=1856368
- https://bugzilla.redhat.com/show_bug.cgi?id=1857933
- https://bugzilla.redhat.com/show_bug.cgi?id=1861911
- https://bugzilla.redhat.com/show_bug.cgi?id=1869893
- https://bugzilla.redhat.com/show_bug.cgi?id=1871064
- https://bugzilla.redhat.com/show_bug.cgi?id=1873235
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / apache-commons-collections
Package
- Name
- apache-commons-collections
- Purl
- pkg:rpm/rocky-linux/apache-commons-collections?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-collections
Package
- Name
- apache-commons-collections
- Purl
- pkg:rpm/rocky-linux/apache-commons-collections?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-lang
Package
- Name
- apache-commons-lang
- Purl
- pkg:rpm/rocky-linux/apache-commons-lang?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-lang
Package
- Name
- apache-commons-lang
- Purl
- pkg:rpm/rocky-linux/apache-commons-lang?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-net
Package
- Name
- apache-commons-net
- Purl
- pkg:rpm/rocky-linux/apache-commons-net?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-net
Package
- Name
- apache-commons-net
- Purl
- pkg:rpm/rocky-linux/apache-commons-net?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / bea-stax
Package
- Name
- bea-stax
- Purl
- pkg:rpm/rocky-linux/bea-stax?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / glassfish-fastinfoset
Package
- Name
- glassfish-fastinfoset
- Purl
- pkg:rpm/rocky-linux/glassfish-fastinfoset?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / glassfish-jaxb
Package
- Name
- glassfish-jaxb
- Purl
- pkg:rpm/rocky-linux/glassfish-jaxb?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / glassfish-jaxb-api
Package
- Name
- glassfish-jaxb-api
- Purl
- pkg:rpm/rocky-linux/glassfish-jaxb-api?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jackson-annotations
Package
- Name
- jackson-annotations
- Purl
- pkg:rpm/rocky-linux/jackson-annotations?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jackson-core
Package
- Name
- jackson-core
- Purl
- pkg:rpm/rocky-linux/jackson-core?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jackson-databind
Package
- Name
- jackson-databind
- Purl
- pkg:rpm/rocky-linux/jackson-databind?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jackson-jaxrs-providers
Package
- Name
- jackson-jaxrs-providers
- Purl
- pkg:rpm/rocky-linux/jackson-jaxrs-providers?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jackson-module-jaxb-annotations
Package
- Name
- jackson-module-jaxb-annotations
- Purl
- pkg:rpm/rocky-linux/jackson-module-jaxb-annotations?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jakarta-commons-httpclient
Package
- Name
- jakarta-commons-httpclient
- Purl
- pkg:rpm/rocky-linux/jakarta-commons-httpclient?distro=rocky-linux-8&epoch=1
Rocky Linux:8 / jakarta-commons-httpclient
Package
- Name
- jakarta-commons-httpclient
- Purl
- pkg:rpm/rocky-linux/jakarta-commons-httpclient?distro=rocky-linux-8&epoch=1
Rocky Linux:8 / javassist
Package
- Name
- javassist
- Purl
- pkg:rpm/rocky-linux/javassist?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / javassist
Package
- Name
- javassist
- Purl
- pkg:rpm/rocky-linux/javassist?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / ldapjdk
Package
- Name
- ldapjdk
- Purl
- pkg:rpm/rocky-linux/ldapjdk?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / pki-servlet-engine
Package
- Name
- pki-servlet-engine
- Purl
- pkg:rpm/rocky-linux/pki-servlet-engine?distro=rocky-linux-8-4-legacy&epoch=1
Rocky Linux:8 / python-nss
Package
- Name
- python-nss
- Purl
- pkg:rpm/rocky-linux/python-nss?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / relaxngDatatype
Package
- Name
- relaxngDatatype
- Purl
- pkg:rpm/rocky-linux/relaxngDatatype?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / resteasy
Package
- Name
- resteasy
- Purl
- pkg:rpm/rocky-linux/resteasy?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / slf4j
Package
- Name
- slf4j
- Purl
- pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / slf4j
Package
- Name
- slf4j
- Purl
- pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / slf4j
Package
- Name
- slf4j
- Purl
- pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / stax-ex
Package
- Name
- stax-ex
- Purl
- pkg:rpm/rocky-linux/stax-ex?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / velocity
Package
- Name
- velocity
- Purl
- pkg:rpm/rocky-linux/velocity?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / velocity
Package
- Name
- velocity
- Purl
- pkg:rpm/rocky-linux/velocity?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xalan-j2
Package
- Name
- xalan-j2
- Purl
- pkg:rpm/rocky-linux/xalan-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xalan-j2
Package
- Name
- xalan-j2
- Purl
- pkg:rpm/rocky-linux/xalan-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xerces-j2
Package
- Name
- xerces-j2
- Purl
- pkg:rpm/rocky-linux/xerces-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xerces-j2
Package
- Name
- xerces-j2
- Purl
- pkg:rpm/rocky-linux/xerces-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-apis
Package
- Name
- xml-commons-apis
- Purl
- pkg:rpm/rocky-linux/xml-commons-apis?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-apis
Package
- Name
- xml-commons-apis
- Purl
- pkg:rpm/rocky-linux/xml-commons-apis?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-apis
Package
- Name
- xml-commons-apis
- Purl
- pkg:rpm/rocky-linux/xml-commons-apis?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / xml-commons-resolver
Package
- Name
- xml-commons-resolver
- Purl
- pkg:rpm/rocky-linux/xml-commons-resolver?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-resolver
Package
- Name
- xml-commons-resolver
- Purl
- pkg:rpm/rocky-linux/xml-commons-resolver?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xmlstreambuffer
Package
- Name
- xmlstreambuffer
- Purl
- pkg:rpm/rocky-linux/xmlstreambuffer?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xsom
Package
- Name
- xsom
- Purl
- pkg:rpm/rocky-linux/xsom?distro=rocky-linux-8&epoch=0