RHSA-2020:2362: Moderate: Red Hat OpenShift Service Mesh security update
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.Security Fix(es): nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744) nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598) jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:2362?
The severity of RHSA-2020:2362 is classified as high due to the potential for prototype pollution vulnerabilities.
How do I fix RHSA-2020:2362?
To fix RHSA-2020:2362, update your affected packages to the provided versions: servicemesh-grafana 6.2.2-36.el8, servicemesh-grafana-prometheus 6.2.2-36.el8, and jaeger-v1.13.1.redhat7 1.el7.
Which software packages are affected by RHSA-2020:2362?
The affected software packages include servicemesh-grafana, servicemesh-grafana-prometheus, jaeger-v1.13.1.redhat7, and kiali-v1.0.11.redhat1.
When was RHSA-2020:2362 released?
RHSA-2020:2362 was released on September 15, 2020.
What are the potential impacts of RHSA-2020:2362?
The potential impacts of RHSA-2020:2362 include application instability and increased risk of exploitation due to prototype pollution.