Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat Ansible Tower 3.7.4-1 RHSA-2020:5249-01 Moderate: XSS In jQuery

red hat
Calendar Grey November 30, 2020
Dist Redhat Esm H88
Canonical releases a significant security patch for Ubuntu Server that addresses vulnerabilities in OpenSSL while also improving networking features.
Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container 2

Solution

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://legacy-controller-docs.ansible.com/ansible-tower/ index.html

Summary

* Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023) * Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP(s) requests by default * Updated several dependencies of Ansible Tower's User Interface to address (CVE-2020-7720, CVE-2020-7743, CVE-2020-7676) * Updated to the latest version of python-psutil to address CVE-2019-18874 * Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases * Fixed workflows to no longer prevent certain users from being able to edit approval nodes * Fixed confusing behavior for social auth logins across distinct browser tabs * Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials

Topics%20covered

Topics Covered

security advisory moderate security update Red Hat XSS web service Ansible Tower jQuery

References

https://access.redhat.com/security/cve/CVE-2019-18874 https://access.redhat.com/security/cve/CVE-2020-7676 https://access.redhat.com/security/cve/CVE-2020-7720 https://access.redhat.com/security/cve/CVE-2020-7743 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2020:5249-01
Product: Red Hat Ansible Tower
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5249
Issue date: 2020-11-30

Topic

Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container

Topics%20covered

Topics Covered

security advisory moderate security update Red Hat XSS web service Ansible Tower jQuery

Relevant Releases Architectures

Bugs Fixed

1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

1850004 - CVE-2020-11023 jquery: Passing HTML containing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here