RHBA-2019:0326HighCVSS 8.8

Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update

Published
February 20, 2019
Last Modified
June 27, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2018-20102 — haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure CVE-2018-20103 — haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service CVE-2018-20615 — haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash CVE-2018-1000865 — jenkins-plugin-script-security: Sandbox Bypass in finalize methods CVE-2018-1000866 — jenkins-plugin-script-security: Sandbox Bypass in finalize methods CVE-2019-3826 — prometheus: Stored DOM cross-site scripting (XSS) attack via crafted URL CVE-2019-1003000 — jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin CVE-2019-1003001 — jenkins-plugin-workflow-cps: Sandbox Bypass in Pipeline: Groovy Plugin CVE-2019-1003002 — jenkins-plugin-pipeline-model-definition: Sandbox Bypass in Pipeline: Declarative CVE-2019-1003003 — jenkins: cookie crafted using Jenkins script console allows unauthorised access to Jenkins instance CVE-2019-1003004 — jenkins: deleting a user record will does not invalidate existing sessions CVE-2019-1003010 — jenkins-plugin-git: CSRF vulnerability in Git Plugin (SECURITY-1095) CVE-2019-1003011 — jenkins-plugin-token-macro: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin (SECURITY-1102) CVE-2019-1003012 — jenkins-plugin-blueocean: Blue Ocean did not require CSRF tokens (SECURITY-1201) CVE-2019-1003013 — jenkins-plugin-blueocean: XSS vulnerability via user description in Blue Ocean (SECURITY-1204) CVE-2019-1003014 — jenkins-plugin-config-file-provider: Stored XSS vulnerability in Config File Provider Plugin (SECURITY-1253)

🔗 References (35)