{
  "threat_severity" : "Moderate",
  "public_date" : "2020-04-23T00:00:00Z",
  "bugzilla" : {
    "description" : "jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method",
    "id" : "1828406",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", "A Cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it executed by the browser." ],
  "statement" : "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
  "affected_release" : [ {
    "product_name" : "A-MQ Interconnect 1.y for RHEL 6",
    "release_date" : "2020-10-08T00:00:00Z",
    "advisory" : "RHSA-2020:4211",
    "cpe" : "cpe:/a:redhat:amq_interconnect:1::el6",
    "package" : "qpid-dispatch-0:1.13.0-3.el6_10"
  }, {
    "product_name" : "A-MQ Interconnect 1.y for RHEL 7",
    "release_date" : "2020-10-08T00:00:00Z",
    "advisory" : "RHSA-2020:4211",
    "cpe" : "cpe:/a:redhat:amq_interconnect:1::el7",
    "package" : "qpid-dispatch-0:1.13.0-3.el7"
  }, {
    "product_name" : "A-MQ Interconnect 1.y for RHEL 8",
    "release_date" : "2020-10-08T00:00:00Z",
    "advisory" : "RHSA-2020:4211",
    "cpe" : "cpe:/a:redhat:amq_interconnect:1::el8",
    "package" : "qpid-dispatch-0:1.13.0-3.el8"
  }, {
    "product_name" : "Openshift Service Mesh 1.0",
    "release_date" : "2020-06-02T00:00:00Z",
    "advisory" : "RHSA-2020:2362",
    "cpe" : "cpe:/a:redhat:service_mesh:1.0::el7",
    "package" : "jaeger-0:v1.13.1.redhat7-1.el7"
  }, {
    "product_name" : "Openshift Service Mesh 1.0",
    "release_date" : "2020-06-02T00:00:00Z",
    "advisory" : "RHSA-2020:2362",
    "cpe" : "cpe:/a:redhat:service_mesh:1.0::el7",
    "package" : "kiali-0:v1.0.11.redhat1-1.el7"
  }, {
    "product_name" : "OpenShift Service Mesh 1.0",
    "release_date" : "2020-06-02T00:00:00Z",
    "advisory" : "RHSA-2020:2362",
    "cpe" : "cpe:/a:redhat:service_mesh:1.0::el8",
    "package" : "servicemesh-grafana-0:6.2.2-36.el8"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.6 for RHEL 7",
    "release_date" : "2021-03-09T00:00:00Z",
    "advisory" : "RHSA-2021:0778",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.6::el7",
    "package" : "ansible-tower-36/ansible-tower:3.6.7-1"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.7 for RHEL 7",
    "release_date" : "2020-11-30T00:00:00Z",
    "advisory" : "RHSA-2020:5249",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.7::el7",
    "package" : "ansible-tower-37/ansible-tower-rhel7:3.7.4-1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:3936",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ipa-0:4.6.8-5.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4670",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "idm:client-8030020200923172426.05ac3f11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4670",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "idm:DL1-8030020200923172343.9c827e52"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4847",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "pki-core:10.6-8030020200911215836.5ff1562f"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4847",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "pki-deps:10.6-8030020200527165326.30b713e6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "release_date" : "2023-01-31T00:00:00Z",
    "advisory" : "RHSA-2023:0556",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4",
    "package" : "jquery",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
    "release_date" : "2023-01-31T00:00:00Z",
    "advisory" : "RHSA-2023:0553",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
    "package" : "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
    "release_date" : "2023-01-31T00:00:00Z",
    "advisory" : "RHSA-2023:0554",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
    "package" : "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
    "release_date" : "2023-01-31T00:00:00Z",
    "advisory" : "RHSA-2023:0552",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
    "package" : "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2020-05-28T00:00:00Z",
    "advisory" : "RHSA-2020:2217",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "atomic-openshift-web-console-0:3.11.219-1.git.1.9b9b889.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2020-07-13T00:00:00Z",
    "advisory" : "RHSA-2020:2412",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift4/ose-console:v4.5.0-202007012112.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2020-10-27T00:00:00Z",
    "advisory" : "RHSA-2020:4298",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "openshift4/ose-grafana:v4.6.0-202010061132.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2020-10-27T00:00:00Z",
    "advisory" : "RHSA-2020:4298",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "openshift4/ose-prometheus:v4.6.0-202009290409.p0"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1049",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6",
    "package" : "keycloak-idp-jquery"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.4.1",
    "release_date" : "2020-07-02T00:00:00Z",
    "advisory" : "RHSA-2020:2813",
    "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.4"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 7",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1043",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7",
    "package" : "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 8",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1044",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8",
    "package" : "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 9",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1045",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9",
    "package" : "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.4",
    "release_date" : "2020-08-04T00:00:00Z",
    "advisory" : "RHSA-2020:3247",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8",
    "package" : "ovirt-engine-ui-extensions-0:1.2.2-1.el8ev"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.4",
    "release_date" : "2020-09-23T00:00:00Z",
    "advisory" : "RHSA-2020:3807",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8",
    "package" : "ovirt-web-ui-0:1.6.4-1.el8ev"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.4",
    "release_date" : "2022-09-08T00:00:00Z",
    "advisory" : "RHSA-2022:6393",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8",
    "package" : "org.ovirt.engine-root-0:4.5.2.4-1"
  }, {
    "product_name" : "RHEL-8 based Middleware Containers",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1047",
    "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8",
    "package" : "rh-sso-7/sso76-openshift-rhel8:7.6-20"
  } ],
  "package_state" : [ {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Will not fix",
    "package_name" : "cfme-gemset",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ipa",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "pcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "python-coverage",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "python-weberror",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "cockpit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ipsilon",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "pcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "pki-core",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "publican",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "python-coverage",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cockpit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "jquery",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Will not fix",
    "package_name" : "openshift3/grafana",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhel8/grafana",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jQuery",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jquery-ui",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jQuery",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jquery-ui",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 15 (Stein)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jQuery",
    "cpe" : "cpe:/a:redhat:openstack:15"
  }, {
    "product_name" : "Red Hat OpenStack Platform 15 (Stein)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jquery-ui",
    "cpe" : "cpe:/a:redhat:openstack:15"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16 (Train)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jQuery",
    "cpe" : "cpe:/a:redhat:openstack:16"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16 (Train)",
    "fix_state" : "Not affected",
    "package_name" : "python-XStatic-jquery-ui",
    "cpe" : "cpe:/a:redhat:openstack:16"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Not affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Satellite 5",
    "fix_state" : "Out of support scope",
    "package_name" : "jquery-ui",
    "cpe" : "cpe:/a:redhat:network_satellite:5",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Satellite 5",
    "fix_state" : "Out of support scope",
    "package_name" : "patternfly1",
    "cpe" : "cpe:/a:redhat:network_satellite:5",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Not affected",
    "package_name" : "jquery",
    "cpe" : "cpe:/a:redhat:satellite:6",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "python27-python-coverage",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "python27-python-werkzeug",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-python35-python-coverage",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-python36-python-coverage",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Out of support scope",
    "package_name" : "rh-ror42-rubygem-jquery-rails",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Out of support scope",
    "package_name" : "rh-ror50-rubygem-jquery-rails",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "pcs",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "python-testtools",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ovirt-engine-api-explorer",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Fix deferred",
    "package_name" : "ovirt-js-dependencies",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-11022\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11022\nhttps://github.com/advisories/GHSA-gxr4-xjj5-5px2" ],
  "name" : "CVE-2020-11022",
  "csaw" : false
}