RHSA-2020:2861HighCVSS 8.2
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2019-11253 — kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service CVE-2020-7660 — npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js CVE-2020-7662 — npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser CVE-2020-12052 — grafana: XSS annotation popup vulnerability CVE-2020-12245 — grafana: XSS via column.title or cellLinkTooltip CVE-2020-13379 — grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL CVE-2020-13430 — grafana: XSS via the OpenTSDB datasource
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2020:2861
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1757701
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1843640
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1844228
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1845982
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848089
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848108
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848643
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2861.json