Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
🔗 CVE IDs covered (16)
📋 Description
CVE-2018-20102 — haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure CVE-2018-20103 — haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service CVE-2018-20615 — haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash CVE-2018-1000865 — jenkins-plugin-script-security: Sandbox Bypass in finalize methods CVE-2018-1000866 — jenkins-plugin-script-security: Sandbox Bypass in finalize methods CVE-2019-3826 — prometheus: Stored DOM cross-site scripting (XSS) attack via crafted URL CVE-2019-1003000 — jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin CVE-2019-1003001 — jenkins-plugin-workflow-cps: Sandbox Bypass in Pipeline: Groovy Plugin CVE-2019-1003002 — jenkins-plugin-pipeline-model-definition: Sandbox Bypass in Pipeline: Declarative CVE-2019-1003003 — jenkins: cookie crafted using Jenkins script console allows unauthorised access to Jenkins instance CVE-2019-1003004 — jenkins: deleting a user record will does not invalidate existing sessions CVE-2019-1003010 — jenkins-plugin-git: CSRF vulnerability in Git Plugin (SECURITY-1095) CVE-2019-1003011 — jenkins-plugin-token-macro: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin (SECURITY-1102) CVE-2019-1003012 — jenkins-plugin-blueocean: Blue Ocean did not require CSRF tokens (SECURITY-1201) CVE-2019-1003013 — jenkins-plugin-blueocean: XSS vulnerability via user description in Blue Ocean (SECURITY-1204) CVE-2019-1003014 — jenkins-plugin-config-file-provider: Stored XSS vulnerability in Config File Provider Plugin (SECURITY-1253)
🔗 References (35)
- selfhttps://access.redhat.com/errata/RHBA-2019:0326
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1506736
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1598822
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1615719
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1623338
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1634302
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1635254
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1635613
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1642379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1642929
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1651090
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1651632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1655183
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1657019
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1659194
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1659441
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1659653
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1659976
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1660598
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1664753
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1665235
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1666820
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1667270
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1667618
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1668412
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1668828
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1668970
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1669019
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1669194
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1669439
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1669555
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1669984
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1670551
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1673178
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_0326.json