Bug 1850004 (CVE-2020-11023)
Summary: | CVE-2020-11023 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | jQuery 3.5.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in jQuery. If HTML containing `<option>` elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, it may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-03-04 13:02:09 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1828636, 1850006, 1850007, 1850008, 1850009, 1850010, 1850011, 1850012, 1850013, 1850014, 1850015, 1850016, 1850017, 1850018, 1850019, 1850020, 1850021, 1850022, 1850023, 1850982, 1851251, 1851252, 1851253, 1851295, 1851296, 1852327, 1852328, 1852329, 1852330, 1852400, 1852401, 1852402, 1852403, 1859248, 1859249, 1859250, 1859251, 1859253, 1859254, 1859255, 1859291, 1859292, 1859293, 1882291, 1882292, 1882296, 1882717, 1888387, 1889869, 1910645, 1936810, 2343633, 2343634, 2344486, 2344487, 2344488, 2344489, 2344490, 2344491, 2344492, 2344493, 2344494, 2344495 | ||
Bug Blocks: | 1850024, 2014197 |
Description
Michael Kaplan
2020-06-23 12:03:01 UTC
Created drupal7 tracking bugs for this issue: Affects: epel-all [bug 1850023] Affects: fedora-all [bug 1850013]
Created js-jquery tracking bugs for this issue: Affects: epel-7 [bug 1850008] Affects: fedora-all [bug 1850015]
Created js-jquery1 tracking bugs for this issue: Affects: epel-7 [bug 1850006] Affects: fedora-all [bug 1850022]
Created js-jquery2 tracking bugs for this issue: Affects: fedora-all [bug 1850016]
Created python-XStatic-jQuery tracking bugs for this issue: Affects: epel-7 [bug 1850007] Affects: fedora-all [bug 1850018] Affects: openstack-rdo [bug 1850011]
Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: epel-7 [bug 1850010] Affects: fedora-all [bug 1850017] Affects: openstack-rdo [bug 1850012]
Created python-tw-jquery tracking bugs for this issue: Affects: epel-6 [bug 1850014]
Created python-tw2-jquery tracking bugs for this issue: Affects: epel-6 [bug 1850021] Affects: epel-7 [bug 1850009] Affects: fedora-all [bug 1850020]
Created rubygem-jquery-rails tracking bugs for this issue: Affects: fedora-all [bug 1850019]

OpenShift ServiceMesh includes a vulnerable version of jquery (3.4.1) in servicemesh-grafana. [edited]

Upstream fix: https://github.com/jquery/jquery/commit/966a70909019aa09632c87c0002c522fa4a1e30e

In the advisory from jquery they talk about removing the regex functionality from htmlPrefilter: "The jQuery.htmlPrefilter function does not use a regex in 3.5.0 and passes the string through unchanged."

Further to #comment8, grafana actually do package jquery 3.5.0, included as a patch in the RPM, and hence is not affected.

External References: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Below storage products include a vulnerable version of jQuery in grafana and grafana-container:
Ceph-3 grafana : jquery-3.3.1
Ceph-3 grafana-container : jquery-3.3.1
Ceph-4 grafana-container : jquery-3.3.1
Gluster grafana : jquery-3.2.1

This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.1. Via RHSA-2020:2813 https://access.redhat.com/errata/RHSA-2020:2813

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11023

This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5. Via RHSA-2020:2412 https://access.redhat.com/errata/RHSA-2020:2412
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4. Via RHSA-2020:3247 https://access.redhat.com/errata/RHSA-2020:3247
This issue has been addressed in the following products: OpenShift Service Mesh 1.1, Openshift Service Mesh 1.1. Via RHSA-2020:3369 https://access.redhat.com/errata/RHSA-2020:3369
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4. Via RHSA-2020:3807 https://access.redhat.com/errata/RHSA-2020:3807

Created pcs tracking bugs for this issue: Affects: fedora-all [bug 1882296]

This issue has been addressed in the following products: A-MQ Interconnect 1.y for RHEL 7, A-MQ Interconnect 1.y for RHEL 6, A-MQ Interconnect 1.y for RHEL 8. Via RHSA-2020:4211 https://access.redhat.com/errata/RHSA-2020:4211
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6. Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2020:4847 https://access.redhat.com/errata/RHSA-2020:4847
This issue has been addressed in the following products: Red Hat Ansible Tower 3.7 for RHEL 7. Via RHSA-2020:5249 https://access.redhat.com/errata/RHSA-2020:5249
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1. Via RHSA-2020:5412 https://access.redhat.com/errata/RHSA-2020:5412

Statement: Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11023

This issue has been addressed in the following products: Red Hat Ansible Tower 3.6 for RHEL 7. Via RHSA-2021:0778 https://access.redhat.com/errata/RHSA-2021:0778
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2021:0860 https://access.redhat.com/errata/RHSA-2021:0860
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2021:1846 https://access.redhat.com/errata/RHSA-2021:1846
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2021:4142 https://access.redhat.com/errata/RHSA-2021:4142
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4. Via RHSA-2022:6393 https://access.redhat.com/errata/RHSA-2022:6393
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform. Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2. Via RHSA-2025:1070 https://access.redhat.com/errata/RHSA-2025:1070
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support. Via RHSA-2025:1185 https://access.redhat.com/errata/RHSA-2025:1185
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:1210 https://access.redhat.com/errata/RHSA-2025:1210
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support. Via RHSA-2025:1209 https://access.redhat.com/errata/RHSA-2025:1209
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2025:1217 https://access.redhat.com/errata/RHSA-2025:1217
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:1215 https://access.redhat.com/errata/RHSA-2025:1215
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support. Via RHSA-2025:1214 https://access.redhat.com/errata/RHSA-2025:1214
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2025:1213 https://access.redhat.com/errata/RHSA-2025:1213
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Via RHSA-2025:1216 https://access.redhat.com/errata/RHSA-2025:1216
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Via RHSA-2025:1212 https://access.redhat.com/errata/RHSA-2025:1212
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:1211 https://access.redhat.com/errata/RHSA-2025:1211
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support. Via RHSA-2025:1247 https://access.redhat.com/errata/RHSA-2025:1247
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support. Via RHSA-2025:1256 https://access.redhat.com/errata/RHSA-2025:1256
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support. Via RHSA-2025:1255 https://access.redhat.com/errata/RHSA-2025:1255
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2025:1310 https://access.redhat.com/errata/RHSA-2025:1310
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2025:1305 https://access.redhat.com/errata/RHSA-2025:1305
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:1300 https://access.redhat.com/errata/RHSA-2025:1300
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:1306 https://access.redhat.com/errata/RHSA-2025:1306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Via RHSA-2025:1312 https://access.redhat.com/errata/RHSA-2025:1312
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Via RHSA-2025:1308 https://access.redhat.com/errata/RHSA-2025:1308
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:1309 https://access.redhat.com/errata/RHSA-2025:1309
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:1304 https://access.redhat.com/errata/RHSA-2025:1304
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support. Via RHSA-2025:1303 https://access.redhat.com/errata/RHSA-2025:1303
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:1314 https://access.redhat.com/errata/RHSA-2025:1314
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support. Via RHSA-2025:1311 https://access.redhat.com/errata/RHSA-2025:1311
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:1315 https://access.redhat.com/errata/RHSA-2025:1315
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:1301 https://access.redhat.com/errata/RHSA-2025:1301
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:1329 https://access.redhat.com/errata/RHSA-2025:1329
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:1338 https://access.redhat.com/errata/RHSA-2025:1338
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:1342 https://access.redhat.com/errata/RHSA-2025:1342
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:1346 https://access.redhat.com/errata/RHSA-2025:1346
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2025:1515 https://access.redhat.com/errata/RHSA-2025:1515
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support. Via RHSA-2025:1514 https://access.redhat.com/errata/RHSA-2025:1514
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support. Via RHSA-2025:1580 https://access.redhat.com/errata/RHSA-2025:1580
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support. Via RHSA-2025:1601 https://access.redhat.com/errata/RHSA-2025:1601

RHEL-7/pki-core was fixed by https://access.redhat.com/errata/RHSA-2021:0851

This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support. Via RHSA-2025:2426 https://access.redhat.com/errata/RHSA-2025:2426 |
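The inventory work in the comments above (grafana bundling jquery-3.3.1, servicemesh-grafana bundling 3.4.1, each compared against the 3.5.0 "Fixed In Version") is the check a packager wants to automate across a file tree. The scanner below is an added example, not code from this bug, from Red Hat or from the jQuery project; it relies on the version banner jQuery places at the top of its minified and unminified builds, and the SAMPLES dict is constructed input.

```python
import re
from pathlib import Path

# First upstream release that fixes CVE-2020-11023 ("Fixed In Version" on this bug).
FIXED_VERSION = (3, 5, 0)

# jQuery's own banner, present in both build flavours:
#   /*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */
#    * jQuery JavaScript Library v3.4.1
# "jQuery Migrate v..." and "jQuery UI - v..." are separate projects and are
# deliberately not matched, so they do not produce false findings.
BANNER = re.compile(r"jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)")


def banner_version(text):
    """Return the (major, minor, patch) tuple from a jQuery banner, or None if absent."""
    m = BANNER.search(text[:2000])  # the banner is the first line; no need to scan a whole bundle
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version):
    """True when the bundled version predates the fix; tuple compare handles 3.10.x correctly."""
    return version < FIXED_VERSION


def audit(sources):
    """sources: iterable of (name, text). Returns [(name, 'x.y.z', affected)] per jQuery copy found."""
    findings = []
    for name, text in sources:
        v = banner_version(text)
        if v is not None:
            findings.append((name, ".".join(map(str, v)), is_affected(v)))
    return findings


def read_tree(root):
    """Yield (path, head-of-file) for every .js file under root, e.g. an unpacked RPM or image layer."""
    for path in Path(root).rglob("*.js"):
        try:
            yield str(path), path.read_text(encoding="utf-8", errors="replace")[:2000]
        except OSError:
            continue


# Constructed sample files modelled on real banners (hypothetical paths, not from the page).
SAMPLES = {
    "grafana/public/build/jquery.min.js": "/*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){",
    "servicemesh-grafana/jquery.min.js": "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){",
    "patched/jquery.js": "/*!\n * jQuery JavaScript Library v3.5.0\n * https://jquery.com/\n */\n( function( global, factory ) {",
    "vendor/jquery-migrate.min.js": "/*! jQuery Migrate v3.1.0 | (c) jQuery Foundation and other contributors | jquery.org/license */\n",
}

if __name__ == "__main__":
    import sys
    for name, ver, affected in audit(read_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLES.items()):
        print(f"{'AFFECTED' if affected else 'ok      '} jQuery {ver}  {name}")
```

A clean banner result is only a first pass: as the grafana comment shows, a package may carry the 3.5.0 fix as a patch, and an errata listed above may backport the fix without changing the version string, so confirm against the RHSA for the package in question.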