Red Hat Security Advisory: OpenShift Container Platform 4.5 container image security update
🔗 CVE IDs covered (8)
📋 Description
- CVE-2019-11252 — kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes
- CVE-2019-11254 — kubernetes: Denial of service in API server via crafted YAML payloads by authorized users
- CVE-2019-11358 — jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
- CVE-2020-8558 — kubernetes: node localhost services reachable via martian packets
- CVE-2020-9283 — golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
- CVE-2020-10749 — containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
- CVE-2020-11022 — jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
- CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods
🔗 References (10)
- self: https://access.redhat.com/errata/RHSA-2020:2412
- external: https://access.redhat.com/security/updates/classification/#moderate
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1701972
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1804533
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1819486
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1828406
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1833220
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1843358
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1850004
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2412.json