rhba-2025:1597
Vulnerability from csaf_redhat
Published
2025-02-24 06:54
Modified
2025-08-07 11:27
Summary
Red Hat Bug Fix Advisory: Red Hat Quay v3.9.10 bug fix release
Notes
Topic
Red Hat Quay 3.9.10 is now available with bug fixes.
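Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Note that the CSAF document on this page records an aggregate severity of Moderate, and its only listed vulnerability, CVE-2020-11023, has a threat impact of Moderate with a CVSS 3.1 base score of 6.1. The same record carries a CISA Known Exploited Vulnerabilities exploit status dated 2025-01-23, which should be weighed alongside the severity rating when prioritising this update.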
Details
Quay 3.9.10
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Quay 3.9.10 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Quay 3.9.10", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2025:1597", "url": "https://access.redhat.com/errata/RHBA-2025:1597" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_1597.json" } ], "title": "Red Hat Bug Fix Advisory: Red Hat Quay v3.9.10 bug fix release", "tracking": { "current_release_date": "2025-08-07T11:27:52+00:00", "generator": { "date": "2025-08-07T11:27:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHBA-2025:1597", "initial_release_date": "2025-02-24T06:54:10+00:00", "revision_history": [ { "date": "2025-02-24T06:54:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-24T06:54:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-07T11:27:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Quay v3", "product": { "name": "Quay v3", "product_id": "8Base-Quay-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:quay:3::el8" } } } ], "category": "product_family", "name": "Red Hat Quay" }, { "branches": [ { "category": "product_version", "name": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "product": { "name": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "product_id": 
"quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.9.10-7" } } }, { "category": "product_version", "name": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "product": { "name": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "product_id": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.9.10-3" } } }, { "category": "product_version", "name": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "product": { "name": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "product_id": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.9.10-7" } } }, { "category": "product_version", "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "product": { "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "product_id": 
"quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.9.10-4" } } }, { "category": "product_version", "name": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "product": { "name": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "product_id": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "product_identification_helper": { "purl": "pkg:oci/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.9.10-3" } } }, { "category": "product_version", "name": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "product": { "name": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "product_id": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.9.10-2" } } }, { "category": "product_version", "name": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "product": { "name": 
"quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "product_id": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.9.10-2" } } }, { "category": "product_version", "name": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "product": { "name": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "product_id": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.9.10-16" } } }, { "category": "product_version", "name": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "product": { "name": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "product_id": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.9.10-2" } } }, { "category": "product_version", "name": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64", "product": { "name": 
"quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64", "product_id": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.9.10-7" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64" }, "product_reference": "quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64" }, "product_reference": "quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64" }, "product_reference": 
"quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64" }, "product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64" }, "product_reference": "quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64" }, "product_reference": "quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64 as a component of 
Quay v3", "product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64" }, "product_reference": "quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64" }, "product_reference": "quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64" }, "product_reference": "quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64" }, "product_reference": "quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64", "relates_to_product_reference": "8Base-Quay-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input 
During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nStatic code analysis controls ensure that security flaws, including XSS vulnerabilities, are detected early in development by scanning code for improper input handling. 
This prevents vulnerable code from reaching production and encourages our developers to follow secure coding practices. System monitoring controls play a crucial role in detecting and responding to XSS attacks by analyzing logs, monitoring user behavior, and generating alerts for suspicious activity. Meanwhile, AWS WAF (Web Application Firewall) adds an extra layer of defense by filtering and blocking malicious input before it reaches the platform and/or application. Together, these controls create a defense-in-depth approach, reducing the risk of XSS exploitation by preventing, detecting, and mitigating attacks at multiple levels.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", 
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-24T06:54:10+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", 
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2025:1597" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:be5aa55fd2dac0cf68de95b4838d9d4036a74498b0105e51700de04ea927178d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:2e29f557653b8b39d560ad20d04fa3059a82a8e7a91a38759abbf0ad5e407277_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:98579eac921a1f826a0076bce00630df914bc828846cb266871330fb84465026_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:4516ea12db56b25d13631446b6d6cbd9f8feac7e4aff6eb25ac0e360e3a4fa01_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:e7a5ff90f004faeeda52d504f7d4396e2952f5b0021c69d5176e189b25eafec0_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:367ea9ce8fd4214c1c88d4954501aed7573ab5d6c914815a5f16c65d14f95636_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:65b1b3bd0d998b41a80b47d4ec4b2f78dea39e1e68d06c110ac39103f5f09984_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:923b0084f2f6c0c8e097c12fd0b381314b1f2f407ab77a49b97d837c88c8d641_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:4305f51c514c95b6a03b5f6390c624dfed6fed361d6e7b0e6f270912e6aeb7c8_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:222815636c389658b5692de815033013bc6cd7760a169eff664b2caabf44ec24_amd64" ] } ], "threats": [ { "category": "exploit_status", "date": "2025-01-23T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.